> For the complete documentation index, see [llms.txt](https://docs.videc.de/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.videc.de/acron-9.3/en/acron_der_anlagenchronist/das_wesentliche_von_acron.md).
# The essence of ACRON
* Process data interface for all standard control and visualization systems, programmable logic controllers (PLCs), including data transfer at any desired intervals and merging of selected data from any number of installations at a single central point.
* Report Generator
* Graphical analysis module
* Monitoring in Service
* Statistical analysis of alerts and events
* Laboratory value system
* Data redundancy
## Procedure on initial setup
The ACRON Designer is used to configure the system according to individual requirements. To configure a new plant it is advisable to follow this procedure:
* [Set up the process connection](/acron-9.3/en/anlagenkonfiguration/prozessanbindung.md)
* [Set up the external variables](/acron-9.3/en/anlagenkonfiguration/prozessanbindung/provider/providerid/variablengruppe.md#extvar)
* [Create the](/acron-9.3/en/anlagenkonfiguration/verfahrensgroessen.md) [process variables](https://github.com/Dataforum-Software/gitbook/blob/master/acron/9.3/en/designer/glossar/verfahrensgroesse.md)
* [Configure report templates as necessary](/acron-9.3/en/anlagenkonfiguration/berichte.md)
* [Create the forms for reports](/acron-9.3/en/anlagenkonfiguration/berichte.md)
* [Set up Service as necessary](/acron-9.3/en/anlagenkonfiguration/service.md)
If you want to test your newly configured plant in the ACRON Reporter, you can generate test data for the purpose with the [ACRON Simulator](/acron-9.3/en/acron_der_anlagenchronist/acron_simulator.md).
## PROJECT DESIGN FOR INCREASED SAFETY REQUIREMENTS
This project design specification is an addition to the standard project design of ACRON. This is described in detaACRONil in the manual and in the online help.
Here, we describe modifications from standard project design and list activities that are required to meet increased system safety requirements.
### Set up user
#### Login process
To meet the security requirements according to the general standards, ACRON uses the Windows login configuration options. The login process in ACRON follows this scheme when using the Windows login:
ACRON identifies the current Windows login at startup. Then the list of ACRON users is searched for this login name (converted to uppercase).
* A: If this user exists, the login for this user will be done.
* B: If the user does not exist, the list of ACRON groups is searched for the group to which the current Windows user is assigned.
Note
As every Windows user is assigned to the Users group by default, this group for security reasons is not taken into account during group matching for the login proces.
If no group is found either or if the Windows login fails for other reasons, the ACRON login becomes active and the ACRON login screen appears. In the drop-down box of the login dialog, only the ACRON users for which a password has been assigned are displayed for selection.
#### Procedure
User [administration must always](/acron-9.3/en/anlagenkonfiguration/benutzerverwaltung/benutzergruppen-benutzer.md#bv-aktiv) be active. When enabling the [Windows Login](/acron-9.3/en/anlagenkonfiguration/benutzerverwaltung/benutzergruppen-benutzer.md#windowslogin) option, ACRON Designer helps the user to find the correct settings for a valid user management.
Note
For safety reasons, an invalid user administration **cannot** be saved.
The following is required: A password-protected user with administrator privileges must be created (the [Open Designer](/acron-9.3/en/anlagenkonfiguration/benutzerverwaltung/benutzergruppe/zugriffsrechte_designer.md#designer-oeffnen) and [User Management](/acron-9.3/en/anlagenkonfiguration/benutzerverwaltung/benutzergruppe/zugriffsrechte_designer.md#benutzerverwaltung) options must be enabled), as no password can be assigned to ACRON users when Windows login is active. However, to use the Windows login, at least one password-protected user must exist. To exit the user administration, it is also a requirement that at least one user with the privilege for the user administration exists.
#### Create [groups and users](/acron-9.3/en/anlagenkonfiguration/benutzerverwaltung/benutzergruppe.md)
By default, ACRON creates one *administrator* group and one *user* group. These groups are only for an easier startup configuration and should be adapted to the system.
This is especially true for the group *users*. By default, Windows assigns **all users** to the system group users. If [Windows login](/acron-9.3/en/anlagenkonfiguration/benutzerverwaltung/benutzergruppen-benutzer.md#windowslogin) is active, when creating a new user group a selection dialog can be opened via the button [System group....](/acron-9.3/en/anlagenkonfiguration/benutzerverwaltung/benutzergruppe.md#systemgruppe), which offers all available Windows groups for selection.
It may therefore be useful to create and configure required groups at Windows level first. Subsequently, these groups are transferred to ACRON and configured accordingly.
Since rights are assigned at the group level in ACRONACRON, it is not absolutely necessary to create all system users in ACRONACRON as well. If a system user is not created in ACRON, he will be logged in to ACRON with the rights of the group corresponding to his system group. The group membership of system users can be configured differently in ACRON. It is therefore possible to set up a system user with administrator rights in ACRON as a user with restricted rights, as well as to assign administrator rights to a system user with restricted rights in ACRON.
In this way, it is possible to regulate the use of ACRON very precisely - another important aspect in the context of a fine-tuned safety concept.
* In Windows there is a system group ABC with the users user1 and user2. And a second system group EFG with the users user3, user4 and user8.
* In ACRON there is also a group ABC. Here with the users user1 and user4 and a group KLM with the users user3 and user6.
The system users user1 and user4 are assigned to the group ABC in ACRON and get the rights of the group ABC when logging in. The system user user2 is not represented in ACRON. However, since there is also a group ABC in ACRON, user2 is logged in via the group membership with the rights of this group. The system user user3 is represented in ACRON in the group KLM and is logged in with the privileges of this group. System user user8 and group EFG are not represented in ACRON - user8 is not able to log in to ACRON.
The ACRONACRON user user6 in the group KLM is also **not able** to log in to ACRON when Windows login is active.
#### Rights assignment
Access to **module** [**Designer**](/acron-9.3/en/anlagenkonfiguration/benutzerverwaltung/benutzergruppe/zugriffsrechte_designer.md) should be given only to employees with administrative tasks. In addition, these administrative tasks should be specified within the designer by assigning appropriate privileges. Employees who manage users should possibly not be allowed to configure process variables. On the other hand, employees who are responsible for connecting to the control system, for example, should not be allowed to assign user rights.
Since the **module** [**Admin**](/acron-9.3/en/acron_der_anlagenchronist/acron_admin.md) exposes system configurations and asset properties, it should be deleted or secured by other access rights on the clients after all assets have been set up there. The deployment should then only take place on the server.
The [**authorization to start the individual modules**](/acron-9.3/en/anlagenkonfiguration/benutzerverwaltung/benutzergruppe/zugriffsrechte_service/vordefinierte_zugriffsrechte.md) should be assigned in such a way that the respective user groups only have access to the modules that are required for their work.
As already noted, it is also possible to specify which user(s) has/have which authorization(s) within the modules.
For example, you can specify whether users a[re only allowed to open diagrams](/acron-9.3/en/anlagenkonfiguration/benutzerverwaltung/benutzergruppe/zugriffsrechte_graph.md) for viewing or whether they are also authorized to make changes, whether reports can be generated and whether they can also be output.
For activities involving process variables, an **additional password** prompt may be requested or a confirmation may be required by entering the login name and password of another user. This allows to protect important processes additionally: Certain activities have to be explicitly confirmed - an accidental action can thus be prevented.
If the user is absent for a short time, no changes can be made by unauthorized users. An activity must be confirmed by another user - additional control of the activity is performed. The settings are made individually for each process variable in the Safe[ty area of](/acron-9.3/en/anlagenkonfiguration/verfahrensgroessen/autogroesse/sicherheit.md) the Properties window.
By **activating the** [**approval management**](/acron-9.3/en/anlagenverwaltung/objekt-eigenschaften-anlage.md#freigabeverwaltung), additional security mechanisms of ACRON can be used:
* With active approval management, it is possible, for example, to 'approve' sensitive values and to protect approved values from being overwritten.
* Another possible approach is to approve all values and - with the corresponding option enabled - ensure that the approval is lost when values are changed.
* With the ability to c\*\*[onfigure markers](/acron-9.3/en/anlagenverwaltung/register-marker.md)\*\* and colors, this can also be visualized very well.
In the example, the value was changed from 77 to 75. The changed value is displayed in "**red**" and marked by the markers **#** (not released) and **OV** (overwritten value).
**Further required or recommended settings are made in the Options tab of the plant management:**
* By enter[ing a time period for au](/acron-9.3/en/anlagenverwaltung/register-optionen.md#logout)tomatic logout, it is achieved that the user is logged out from ACRON in case of iACRONnactivity. This ensures that no unauthorized access can take place in the absence of the user.
* Assigning a [password for terminating](/acron-9.3/en/anlagenverwaltung/register-optionen.md#passwort) the provider, database engine, DDE/OPC server and mirror ensures that unauthorized users cannot terminate these system programs. Needless to say, this password may only be made known to authorized users.
* The [Log data changes option](/acron-9.3/en/anlagenverwaltung/register-optionen.md#datenaenderungen) ensures that all data changes in all ACRON modules are logged. The modification protocols can be viewed using the report output of module Reporter. **Activating this option is mandatory for a complete audit trail!**
## Configure ACRON Server and ACRON Clients for automatic updates
For operators with very large numbers of workstations, the facility has been introduced to install new Service Packs just one time network-wide and update the ACRON Clients using the AutoInstall function. If [AutoInstall](/acron-9.3/en/anlagenverwaltung/register-optionen.md#automatischeupdates) is activated, each time the ACRON programs Designer, Reporter, Service, Graph, Alert and Visual are started, it is checked whether a newer ACRON version is available on the network. if so, it is automatically installed on the Client computer.
It is essential that a new Service Pack should be installed on ALL Database Servers to ensure that the Clients and Servers receive the same software version.
Note
Before installing, the AutoInstall function checks whether all files can be installed; all ACRON services are stopped and restarted. All programs running as applications must be manually stopped, otherwise the installation will be aborted.
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.videc.de/acron-9.3/en/acron_der_anlagenchronist/das_wesentliche_von_acron.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.