Project Settings - Users and Groups
The Project Settings > Users and Groups dialog box is used to manage user accounts and user access rights groups and the associated access rights. This allows you to control the access on EcoStruxure Machine Expert projects.
For managing access to devices supporting device user management, refer to the description of the Users and Groups view of the device editor in the Programming Guide.
For managing user rights, you have to login as Administrator user.
|
|
|
UNAUTHENTICATED, UNAUTHORIZED ACCESS |
|
oDo not expose controllers and controller networks to public networks and the Internet as much as possible. oUse additional security layers like VPN for remote access and install firewall mechanisms. oRestrict access to authorized people. oChange default passwords at start-up and modify them frequently. oValidate the effectiveness of these measurements regularly and frequently. |
|
Failure to follow these instructions can result in injury or equipment damage. |
NOTE: It is not intended that the Users and Groups feature be used to protect the EcoStruxure Machine Expert project against malicious access, but rather to help prevent mistakes from trusted users.
If you want to protect your entire project, activate the option Enable project file encryption in the Project Settings > Security dialog box.
If you want to protect only a part of your code inside the project, it is a best practice to put this code inside a compiled library.
NOTE: Consider the security-related commands which provide a way to add, edit, and remove a user in the online user management of the target device where you are currently logged in.
NOTE: You must establish user access-rights using EcoStruxure Machine Expert software. If you have cloned an application from one controller to another, you will need to enable and establish user access-rights in the targeted controller.
NOTE: The only way to gain access to a controller that has user access-rights enabled and for which you do not have the password(s) is by performing an Update firmware operation using an SD card or USB memory key (refer to the Controller Assistant User Guide for further information), depending on the support of your particular controller, or by running a script. This will effectively remove the existing application from the controller memory, but will restore the ability to access the controller.
If you want that certain functions of a controller can only be executed by authorized users, the Project Settings > Users and Groups dialog box allows you to define users, to assign access rights, and to require a user authentication at login.
To perform these actions, you can create users and configure their access rights to data, engineering tools, and files by using the ... user buttons. You can create user access-rights groups and configure each permission individually by using the ... group buttons.
The Users tab of the Project Settings > Users and Groups dialog box displays the users and their memberships in groups.
|
Button |
Description |
|---|---|
|
Add... |
Opens the Add user dialog box. |
|
Edit... |
Opens the Edit user dialog box. |
|
Remove |
A message is displayed if you attempt to delete the last user of a group because a group must have at least one member. |
|
Export/Import |
The dialog box for saving a file in the local file system opens. For exporting users, browse your local file system and save the users and groups definitions of the project to a file having the extension *.users in XML format. For importing users, browse your local file system for the file having the extension *.users. Open the file to import the users and groups definitions to your project. |
Add user / Edit user Dialog Box
The Add user / Edit user dialog box provides parameters for setting up a new user account or for modifying an existing user account.
|
Button |
Description |
|---|---|
|
Active |
By default, the option is activated, the user account can be used. If the option is deactivated, the user cannot log in. If the user attempts to log in with incorrect login data, this can result in the deactivation of the account. For further information, refer to the Settings tab. |
|
Memberships |
A list of the groups that you have defined in addition to the group Everyone (to which new users are assigned by default) is displayed. The user belongs to the groups that are selected. |
The Groups tab of the Project Settings > Users and Groups dialog box displays the groups and their members. A group can also be a member of a group.
|
Button |
Description |
|---|---|
|
Add... |
Opens the Add group dialog box. |
|
Edit... |
Opens the Edit group dialog box. |
|
Remove |
If you delete a group, the user accounts of the members remain unchanged. You cannot delete the default groups Everyone and Owner. |
|
Export/Import |
Refer to the description of the Users tab. |
The Settings tab of the Project Settings > Users and Groups dialog box displays options related to user management.
|
Option |
Description |
|---|---|
|
Maximum number of authentication trials |
If activated, the user account will be set to invalid after the specified number of trials to log in with an incorrect password. If not activated, the number of erroneous trials is unlimited. Default settings: option activated, number of trials: 3; permissible values: 1-10 |
|
Automatically logoff after time of inactivity |
If activated, the user will be logged out automatically after the specified number of minutes of inactivity (no user actions via mouse or keyboard registered in the programming system). Default settings: option activated, time: 10 minutes; permissible time values: 1...180 minutes. |
|
Password security: > New hash format for passwords |
Select this option to increase the level of security of your password. During first login, the stored password hash of a user is converted. NOTE: The new password hashes are not backward compatible. |
For information on protecting individual objects of a project, refer to the Protecting Objects in the Project Using Access Rights chapter.
