Machine Users

When the GXPC platform has to be accessed by a third party software component, machine users can be used. This means a profile is used, that has AspenTech Inmation authentication activated. No windows group, or windows user is linked with this profile. The creation of security references follows the same approach like end user bound profiles (esi-security).

The following profiles are created for machine authentication authentication (software-to-software):


The profile has full access to the system (global / sites). “Administrative Role” property is checked.

Default password is changed at installation time of the Central-Core.

AspenTech Inmation authentication is de-activated.

Essentially this means the so profile is not usable, on a Q- or P-System. On a D-System, the so profile can be used.


This profile is used by the global VisualKPI installation. It has permissions like Global-Readers, but additionally:

  • Modify permissions on KPI model enterprise object

  • Modify permissions on KPI model site objects

Permissions are inherited to the subtree of the objects mentioned above.

The above requires that the references for MU-Global-VKPI are added when a Local-Core is deployed.


The profile has full administrative access to the system. This is valid because it is only used for WebAPI’s internal communication to the Core. When user requests to WebAPI endpoints are created, the permissions are handled by the profiles that apply to those users (see above).


The profile can list / read / write properties of objects of type “Message Broker” below the site’s local Core, and below the broker.