Users rights contain the following elements: User, Group, Object, Operation, User Rights, Access rights. These elements allow you to manage users accounts and users access rights to control the access on the global projects.
A User is a person or a service with specific User Rights.
A Group is a Persona or a Function. It is predefined or added. Each Group provides accesses thanks to Object.
An Object is composed by predefined accesses thanks to Operation.
An Operation is the elementary action possible.
User Rights are the possible Access rights: VIEW, MODIFY, EXECUTE and ADD–REMOVE for the dedicated operation.
For more information, refer to the EcoStruxure Machine Expert Programming Guide .
Login and password are not set by default. This table describes how to log in:
|
Server/feature |
First connection or connection after reset to default / reset origin / reset origin device |
User Rights enabled |
Connection after User Rights disabled |
|---|---|---|---|
|
EcoStruxure Machine Expert |
You must first create your login and your password.
NOTE: The login and the password that you create during the first connection have administrator privileges.
NOTE: For information on lost login and passwords, see Troubleshooting.
|
Login: configured login Password: configured password |
No login or password required. |
|
Web server |
No login possible |
Login: configured login Password: configured password |
Login: Anonymous Password: no password required. |
|
FTP server |
No login possible |
Login: configured login Password: configured password |
Login: Anonymous Password: Anonymous |
|
OPC-UA |
No login possible |
Login: configured login Password: configured password |
Login: Anonymous Password: Anonymous |
|
feature |
No login possible |
Login: configured login Password: configured password |
No login or password required. |
| WARNING | |
|---|---|
login: a...z A...Z 0...9 – = [ ] \ ; ‘ , . / @ # $ % ^ & * ( ) _ + { } | : “ < > ? ` ~
password: a...z A...Z 0...9 – = [ ] \ ; ‘ , . / @ # $ % ^ & * ( ) _ + { } | : “ < > ? ` ~ and space
This table indicates the name and description of the predefined default groups:
|
Group Name |
Group Description |
|---|---|
|
Administrator |
|
|
Persona |
|
|
Persona Designer/Programmer |
Group dedicated to the design of the application. |
|
Persona Operator |
Group dedicated to the usage of the application. |
|
Persona Web Designer |
Group dedicated to the management of the Web server. |
|
Persona Communication |
Group dedicated to the management of communication features. |
|
Persona Maintenance |
Group dedicated to the maintenance of the application. |
|
Function |
|
|
Function External Media |
Group to allow the usage of External Command (from SD Card). |
|
Function File Access |
Group to allow permissions on files tab. |
|
Function FTP |
Group to allow usage of FTP. |
|
Function Symbol Configuration |
Group to allow access to Symbol Configuration. |
|
Function Web Access |
Group to allow command on Web server. |
|
Function Monitor |
Group to allow monitoring of IEC variables. |
|
Function OPC UA |
Group to allow access to OPC UA server. |
|
Function Variable |
Group to allow read/write of IEC variables. |
This table indicates the name and description of the predefined objects:
|
Object name |
Object Description |
|---|---|
|
Device |
Object related to the connection of the controller through EcoStruxure Machine Expert. |
|
ExternalCmd |
Object related to script command. |
|
FrmUpdate |
Object related to the commands Update Boot, Clone and CloneCheck. |
|
FTP |
Object related to FTP access (connection, upload and download on ftp server). |
|
Logger |
Object related to the message logger. |
|
OPC_UA |
Object related to OPC UA server (connection, read and write variables). |
|
PlcLogic |
Object related to the application on the controller. |
|
Settings |
Object related to the settings of the controller (nodename…). |
|
UserManagement |
Object related to User rights Management. |
|
Web |
Object related to the access of the Web server. |
|
FileSystem |
Object related to the file access (when accessing through the controller Files tab). |
This list indicates the name of the possible predefined operations:
SD Card command
Script Command: Reboot
Script Command: SET_NODE_NAME
Script Command: FIREWALL_INSTALL
Script Command: Delete
Script Command: Download
Script Command: Upload
Script Command: UpdateBoot
Script Command: CloneCheck (update controller Users Rights from SD card)
Clone operation (clone controller contents to empty SD card)
FTP server command
Connection to FTP server
List Directory
Change Directory
Create Folder
Rename Folder
Suppress Folder
Create File
Rename File
Suppress File
Download File
Upload File
OPC UA server command:
Connection to OPC UA server
Read Variable
Write Variable
Web server command:
Connection to Web server
List Variables
Read Variable
Write Variable
Set Time
Access to File System
Save File
Access to logger
Change Password
Reject/Trust Certificate (Also needs device.settings User Rights Modify)
EcoStruxure Machine Expert Command
Reset Origin Device
Login
Set Node Name
Update Logger
Create Application
Download application
Pass RUN / STOP
Reset (Cold / Warm / Origin)
Delete Application
Create Boot Application
Save Retain Variables
Restore Retain Variables
Add Group
Remove Group
Add User
Remove User
Read User Rights
Import User Rights
Export User Rights
For each Group linked with an Object, User Rights are predefined with specifics .
This table indicates the Access Rights:
| Access Rights |
Access Rights Description (depends on the Object. See Predefined Access Rights Needed by Object and Associated Operations). |
|---|---|
| VIEW |
Allow to read only parameters and applications. |
| MODIFY |
Allow to write, modify and download parameters and applications. |
| ADD_REMOVE |
Allow to add and remove files, scripts and folders. |
| EXECUTE |
Allow to execute and start applications and scripts. |
For each Group, several Objects are predefined with preset Access Rights
|
Group: Administrator |
|
|---|---|
|
Object name |
Access Rights |
|
Device |
VIEW / MODIFY / ADD_REMOVE / EXECUTE |
|
FTP |
VIEW / MODIFY / ADD_REMOVE |
|
Logger |
VIEW |
|
OPC_UA |
VIEW / MODIFY |
|
PlcLogic |
VIEW / MODIFY / ADD_REMOVE / EXECUTE |
|
Settings |
VIEW / MODIFY |
|
UserManagement |
VIEW / MODIFY |
|
Web |
VIEW / MODIFY / EXECUTE |
|
FileSystem |
VIEW / MODIFY / ADD_REMOVE |
| Group: Designer / Programmer persona | |
|---|---|
|
Object name |
Access Rights |
|
Device |
VIEW / ADD_REMOVE |
|
FTP |
VIEW / MODIFY / ADD_REMOVE |
|
Logger |
VIEW |
|
OPC_UA |
VIEW / MODIFY |
|
PlcLogic |
VIEW / MODIFY / ADD_REMOVE / EXECUTE |
|
Settings |
VIEW / MODIFY |
|
UserManagement |
VIEW |
|
Web |
VIEW / MODIFY / EXECUTE |
|
FileSystem |
VIEW / MODIFY / ADD_REMOVE |
| Group: Operator persona | |
|---|---|
|
Object name |
Access Rights |
|
Device |
VIEW |
|
Logger |
VIEW |
|
PlcLogic |
VIEW / MODIFY / EXECUTE |
|
Settings |
VIEW |
|
UserManagement |
VIEW |
|
Web |
VIEW / MODIFY / EXECUTE |
| Group: Designer / Web designer persona | |
|---|---|
|
Object name |
Access Rights |
|
Device |
VIEW |
|
FTP |
VIEW / MODIFY / ADD_REMOVE |
|
Logger |
VIEW |
|
OPC_UA |
VIEW |
|
PlcLogic |
VIEW |
|
Settings |
VIEW |
|
UserManagement |
VIEW |
|
Web |
VIEW / MODIFY / EXECUTE |
|
FileSystem |
VIEW / MODIFY / ADD_REMOVE |
| Group: Communication expert persona | |
|---|---|
|
Object name |
Access Rights |
|
Device |
VIEW |
|
FTP |
VIEW / MODIFY / ADD_REMOVE |
|
Logger |
VIEW |
|
OPC_UA |
VIEW / MODIFY |
|
PlcLogic |
VIEW / MODIFY / EXECUTE |
|
Settings |
VIEW |
|
UserManagement |
VIEW |
|
Web |
VIEW / MODIFY / EXECUTE |
|
FileSystem |
VIEW / MODIFY / ADD_REMOVE |
| Group: Maintenance persona | |
|---|---|
|
Object name |
Access Rights |
|
Device |
VIEW |
|
FTP |
VIEW / MODIFY / ADD_REMOVE |
|
Logger |
VIEW |
|
OPC_UA |
VIEW |
|
PlcLogic |
VIEW / EXECUTE |
|
Settings |
VIEW |
|
UserManagement |
VIEW |
|
Web |
VIEW / MODIFY / EXECUTE |
|
FileSystem |
VIEW / MODIFY / ADD_REMOVE |
For each Group, several Objects are predefined with predefined Access Rights
|
Group: Function External Media (1) |
|
|---|---|
|
Object name |
Access Rights |
|
ExternalCmd |
VIEW / MODIFY / ADD_REMOVE / EXECUTE |
|
FrmUpdate |
VIEW / MODIFY / ADD_REMOVE / EXECUTE |
|
(1) Enabling the objects in the group External Media will allow the access rights regardless of the user. That is to say, that the rights governing SD cards are global and are not confined to defined users. |
|
| Group: Function File Access | |
|---|---|
|
Object name |
Access Rights |
|
Logger |
VIEW |
|
FileSystem |
VIEW / MODIFY / ADD_REMOVE |
| Group: Function FTP Access | |
|---|---|
|
Object name |
Access Rights |
|
FTP |
VIEW / MODIFY / ADD_REMOVE |
|
Logger |
VIEW |
| Group: Function Symbol Configuration Access | |
|---|---|
|
Object name |
Access Rights |
|
Logger |
VIEW |
|
OPC_UA |
VIEW / MODIFY |
|
PlcLogic |
VIEW / MODIFY / ADD_REMOVE / EXECUTE |
|
Web |
VIEW / MODIFY / EXECUTE |
| Group: Function Web Access | |
|---|---|
|
Object name |
Access Rights |
|
Logger |
VIEW |
|
Web |
VIEW / MODIFY / EXECUTE |
| Group: Function Monitor Access | |
|---|---|
|
Object name |
Access Rights |
|
Logger |
VIEW |
|
OPC_UA |
VIEW |
|
PlcLogic |
VIEW |
|
Web |
VIEW |
| Group: Function OPC UA Access | |
|---|---|
|
Object name |
Access Rights |
|
Logger |
VIEW |
|
OPC_UA |
VIEW / MODIFY |
| Group: Function Variable Access | |
|---|---|
|
Object name |
Access Rights |
|
Logger |
VIEW |
|
OPC_UA |
VIEW |
|
PlcLogic |
VIEW / MODIFY / ADD_REMOVE / EXECUTE |
|
Web |
VIEW |
|
Object Name |
Access Rights |
|||
|---|---|---|---|---|
|
ADD_REMOVE |
MODIFY |
VIEW |
EXECUTE |
|
|
Device |
Reset origin device |
Set node name |
Login |
– |
|
ExternalCmd |
Delete |
Download |
Upload |
Delete Reboot Set Node Name Firewall install Clone Check |
|
FrmUpdate |
Updateboot |
– |
Clone |
Clone Check |
|
FTP |
– |
Create folder Rename Folder Suppress folder Create file Rename File Suppress file Upload file |
Connection to FTP Server List directory Change directory Create folder Rename Folder Suppress folder Create file Rename File Suppress file Download file Upload file |
– |
|
Logger |
– |
– |
Update logger |
– |
|
OPC_UA |
– |
Write Variable |
Connection OPC_UA Read Variable |
– |
|
PlcLogic |
Create application Download application Delete application Create Boot application |
Write Variable |
Read Variable Save retain variables |
Pass Run / Stop Reset Restore Retains Var |
|
Settings |
– |
Reject / Trust Certificate Set Node Name |
– |
– |
|
UserManagement |
– |
Add Group Remove Group Add User Remove User Edit User Rights Import User Rights Reset Origin Device |
Read User Rights Export User Rights |
– |
|
Web |
– |
Set Variables Set Time Save File Change Password |
Connection to Web server Monitor Variables Access Files System Change Password |
Execute Command |
|
FileSystem |
– |
– |
– |
– |
The Symbol Rights tab (seeTabs Description) allows you to configure user group access to the symbol sets. It consists in a customizable set of symbols allowing to separate functions and associate them with a user right. If supported by the target device, you can combine different symbol sets from the symbols of the application in the symbol configuration editor. The information about the symbol sets is downloaded to the controller. Then you can define the user group that has access to each symbol set.
The only way to gain access to a controller that has user access-rights enabled and for which you do not have the password(s) is by performing an Update Firmware operation. This clearing of User Rights can only be accomplished by using a SD card to update the controller firmware. In addition, you may clear the User Rights in the controller by running a script (refer to Reset the User Rights to Default). This effectively removes the existing application from the controller memory, but restores the ability to access the Controller.