The Users and Groups view of the device editor is provided for devices supporting device Users and Groups management. If supported by the device, you can view and edit the Users and Groups management for the device. Thereafter, you can assign rights to allow certain user groups to access objects on the controller at runtime by assigning Access Rights.
For the user management at the project level, refer to the Project > User Management > Permissions... command.
The device Users and Groups management can be pre-defined in the device description.
As in the project user management, users have to be members of at least one user group. Only user groups can be assigned specific access rights.
For managing Users and Groups, you have to login as Administrator user.
NOTE: It is not intended that the Users and Groups feature be used to protect the EcoStruxure Machine Expert project against malicious access, but rather to help prevent mistakes from trusted users.
If you want to protect your entire project, activate the option Enable project file encryption in the Project Settings > Security dialog box.
If you want to protect only a part of your code inside the project, put this code inside a compiled library.
|
|
|
UNAUTHENTICATED, UNAUTHORIZED ACCESS |
|
oDo not expose controllers and controller networks to public networks and the Internet as much as possible. oUse additional security layers like VPN for remote access and install firewall mechanisms. oRestrict access to authorized people. oChange default passwords at start-up and modify them frequently. oValidate the effectiveness of these measurements regularly and frequently. |
|
Failure to follow these instructions can result in injury or equipment damage. |
NOTE: You can use the security-related commands which provide a way to add, edit, and remove a user in the online Users and Groups management of the target device where you are logged in.
NOTE: You must establish user access-rights using EcoStruxure Machine Expert software. If you have cloned an application from one controller to another, you will need to enable and establish user access-rights in the targeted controller.
NOTE: The only way to gain access to a controller that has user access-rights enabled and for which you do not have the password(s) is by performing an Update firmware operation using an SD card or USB memory key (refer to the Controller Assistant User Guide for further information), depending on the support of your particular controller, or by running a script. Since the process of running a script is specific to each controller, refer to the chapters File Transfer with SD Card or File Transfer with USB Memory Key in the Programming Guide of the controller you are using. This will effectively remove the existing application from the controller memory, but will restore the ability to access the controller.
Toolbar of the Users and Groups View
The toolbar provides the following elements:
|
Element |
Description |
|---|---|
|
Synchronization |
Click the Synchronization button to switch on / off the synchronization between the editor and the Users and Groups management in the controller. If Synchronization is not activated, then the editor contains a Users and Groups management configuration that has been imported from disk, or it does not contain any configuration at all. If Synchronization is activated, the data displayed in the editor is continuously synchronized with the Users and Groups management configuration on the connected controller. If you invoke Synchronization while the editor contains a Users and Groups configuration that is not synchronized with the device, you are prompted to decide what will be displayed in the editor: oUpload from the device and overwrite the editor content: The Users and Groups configuration from the controller is loaded to the editor. The contents of the editor is overwritten. oDownload the editor content to the device and overwrite the user management there: The configuration from the editor is loaded to the controller. The contents of the controller is overwritten. |
|
Import from disk |
Click the Import from disk button to open a dialog box for selecting and importing a Users and Groups management configuration from the disk. When you click the button in the Users and Groups view, the file type is set to Device user management files (*.dum). The Import from disk is available when you are in offline mode or Synchronization is deactivated. |
|
Export to disk |
Click the Export to disk button to open a dialog box for saving a file to the disk. The Users and Groups management configuration is saved as an XML file. When you click the button in the Users and Groups view, the file type is set to Device user management files (*.dum). |
|
Device user |
Name of the user who is logged into the controller. |
The handling of the Users and Groups management dialogs is similar to that of the project user management.
Users and Groups view of the device editor:
This view is divided in 2 parts:
oThe upper part is dedicated to access management of Users.
oThe lower part is dedicated to access management of Groups.
Editing or Viewing the Users and Groups Management Before any Users and Groups Have Been Established
|
Step |
Action |
Comment |
|---|---|---|
|
1 |
Double-click the controller node in the Devices tree. |
Result: The device editor opens. |
|
2 |
Select the Users and Groups view. |
– |
|
3 |
Click the Synchronization button |
Result: A dialog box opens prompting you to decide whether the device Users and Groups management should be activated. |
|
4 |
Click Yes to confirm the dialog box and to activate device Users and Groups management. |
Result: The Device user login dialog box opens. |
|
5 |
Enter Administrator as User name and Password. |
Result: The Password expired! Please provide a new one. dialog box opens. |
|
6 |
Enter a new password and click OK to confirm. |
Result: The device Users and Groups management is displayed in the editor view. |
Setting up a New User in the Users and Groups Management of the Controller
|
Step |
Action |
Comment |
|---|---|---|
|
1 |
Double-click the controller node in the Devices tree. |
Result: The device editor opens. |
|
2 |
Select the Users and Groups view. |
– |
|
3 |
Click the Synchronization button |
If you are not logged in to the controller yet, then the dialog box Device User Login opens. It allows you to enter the user name and the password. Result: The Users and Groups management configuration of the controller is displayed in the editor. |
|
4 |
Click the Add button in the Users part of the Users and Groups view. |
Result: The Add User dialog box opens. |
|
5 |
Enter a Name for the new user and select a Default group for the user from the list. |
You can assign the user to other groups later. |
|
6 |
Enter a new password, confirm the password, and Specify whether the user can change the password and whether the user has to change the password at the first login. |
– |
|
7 |
Click OK to confirm and to close the Add User dialog box. |
Result: The new user is displayed in the Users part as a new node and in the Groups part as a new subnode of the selected default group. |
Loading a Users and Groups Management From a *.dum File, Modifying it, and Later Downloading it to the Controller
|
Step |
Action |
Comment |
|---|---|---|
|
1 |
Double-click the controller node in the Devices tree. |
Result: The device editor opens. |
|
2 |
Select the Users and Groups view. |
– |
|
3 |
Click the Edit button, browse to the *.dum file that contains the saved Users and Groups management, and click Open to confirm. |
Result: The users and groups settings that are saved in the file are displayed in the editor. |
|
4 |
Adapt the settings according to your requirements. |
– |
|
5 |
Click the Synchronization button |
A dialog box is displayed, prompting you to select the suitable operation. |
|
6 |
Select the option Download the editor content to the device and overwrite the user management there. |
Result: The Device user login dialog box is displayed. |
|
7 |
Enter valid login data in order to log in to the controller. |
After successful login, the modifications are transferred to the controller. As long as the Synchronization button |
Printing the Users and Groups Management Configuration
To print the settings of the Users and Groups view, execute the command Print from the File menu or the command Document from the Project menu.
.