Handling User Management on the Controller

For devices that support device user management, the device editor includes the Users and Groups tab and the Access Rights tab. If the device permits it, you can view and edit the user management for the device. You can assign rights that determine which user groups may access objects on the controller at runtime.

The device user management can already be predefined by the device description.

As in the project user management, users must be members of at least one user group and only user groups can be granted certain access rights.

Hint

Recommendations for Data Security

In order to minimize the risk of data security violations, we recommend the following organizational and technical actions for the system where your applications are running. As far as possible, avoid exposing the PLC and control networks to open networks and the Internet. Use additional data link layers for protection, such as a VPN for teleaccess. Install firewall mechanisms. Restrict access to authorized people. Change any default passwords regularly before and after commissioning.

Note

Pay attention to the commands in the menu Online ‣ Security. They enable the simplified addition, editing or removal of a user account on the controller to which you are currently logged in.

Note

In order for the Access rights tab to be available in the device editor, the corresponding CODESYS option must be set for the device editor.

Refer to the following instructions for handling the editor for the device user management:

First-time login on the controller in order to edit or view its user management

Requirement: the controller has a device user management.

  1. Double-click the PLC object in the device tree.

    ⇒ The device editor opens.

  2. Click the Users and Groups tab.

  3. Click the button.

    ⇒ A dialog opens prompting whether the device user management should be activated.

  4. Click Yes to confirm the prompt.

    ⇒ The Device user login dialog opens.

  5. Specify “Administrator” as the User name and Password.

    ⇒ The dialog “Password expired! Please provide a new one.” opens.

  6. Specify a new Password. The password strength is displayed.

    ⇒ After you confirm by clicking OK, the device user management is shown in the editor view.

Setting up a new user in the user management of the controller

Requirement: the controller has a device user management. You have the corresponding access data.

  1. Double-click the PLC object in the device tree.

    ⇒ The device editor opens.

  2. Click the Users and Groups tab.

  3. Click the (Synchronization) button in order to load the user management configuration from the controller to the editor. If you are not logged in to the device yet, then the dialog Device User Login opens for entering the user name and password.

    ⇒ The user management configuration of the device is shown in the editor.

  4. Click the Add button in the User view.

    ⇒ The Add user dialog opens.

  5. Specify the name of the new user and assign the user to a group. This counts as the user’s minimum required default group. The user can be assigned to other groups later. Define and confirm a Password for the user. Specify whether the user can change the password and whether the user has to change the password at the first login. Click OK to confirm.

    ⇒ The new user appears in the Users view as a new node and in the Groups view as a new subentry of the selected default group.

Changing access rights to controller objects in the user management of the controller

Requirement: the controller has a device user management. You have the corresponding access data.

  1. Double-click the PLC object in the device tree.

    ⇒ The device editor opens.

  2. Select the Access rights tab.

  3. Click the button (synchronization) in order to load the rights management configuration from the controller to the editor. If you are not logged in to the device yet, then the dialog Device User Login opens for entering the access data.

    ⇒ The access rights management configuration of the device is shown in the editor.

  4. In the object tree on the left, select the object whose access right you want to change.

    ⇒ In the Rights view, a table shows the access rights to this object for all configured user groups.

  5. Double-click the right in the table that you want to change.

    ⇒ If the object has child objects, then a dialog prompts whether you want to modify the rights for the child objects.

  6. Click Yes or No to close the prompt.

    ⇒ The rights are switched from “allowed” to “not allowed” or vice versa. The symbol in the table cell changes accordingly. Explicitly set rights appear in the table as green or red symbols. Rights that are inherited from a parent object appear as gray symbols.
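The difference between explicitly set and inherited rights in the Rights view can be modeled as follows. This is an added example, not CODESYS code; the object paths, group names, the "Modify" right and the nearest-ancestor resolution rule are assumptions made for illustration.

```python
# Added illustration, not vendor code. Object paths, group names and the
# "Modify" right are constructed sample data.
PARENT = {  # object -> parent object (None marks the root)
    "Device": None,
    "Device/Logic": "Device",
    "Device/Logic/Application": "Device/Logic",
    "Device/UserManagement": "Device",
}
GROUPS = ["Admins", "Maintenance", "Operators"]
EXPLICIT = {  # only explicitly set rights: (object, group, right) -> allowed?
    ("Device", "Admins", "Modify"): True,
    ("Device", "Maintenance", "Modify"): True,
    ("Device", "Operators", "Modify"): False,
    ("Device/UserManagement", "Maintenance", "Modify"): False,
}

def effective(obj, group, right):
    """Return (allowed, source object). Assumption: the nearest ancestor
    with an explicit setting decides; (None, None) if nothing is set."""
    node = obj
    while node is not None:
        if (node, group, right) in EXPLICIT:
            return EXPLICIT[(node, group, right)], node
        node = PARENT[node]
    return None, None

def rights_table(obj, right):
    """One row of the Rights view: group -> (allowed, 'explicit'|'inherited'|'unset')."""
    table = {}
    for group in GROUPS:
        allowed, source = effective(obj, group, right)
        kind = "unset" if source is None else "explicit" if source == obj else "inherited"
        table[group] = (allowed, kind)
    return table

def inherited_allows(right):
    """Audit list: (object, group, source) where access is allowed only by
    inheritance, so a change on the source object silently changes it."""
    found = []
    for obj in sorted(PARENT):
        for group in GROUPS:
            allowed, source = effective(obj, group, right)
            if allowed and source != obj:
                found.append((obj, group, source))
    return found

if __name__ == "__main__":
    for obj in sorted(PARENT):
        print(obj, rights_table(obj, "Modify"))
    print(inherited_allows("Modify"))
```

The audit list is the part worth reviewing before changing a right on a parent object: every entry in it changes along with the parent unless the child has its own explicit setting.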

Loading a user management from a *.dum file, modifying it, and downloading it to the controller in offline mode

  1. Double-click the PLC object in the device tree.

    ⇒ The device editor opens.

  2. Click the Users and Groups tab.

  3. Click the button. Select the file (<file name>.dum) from the local file system with the saved user management and click Open to confirm.

    ⇒ The users and groups described in the file are shown in the editor.

  4. Edit the configuration as you wish. For example, change the user password or add a new user.

  5. Click the Synchronization button to transfer the configuration to the device.

    ⇒ A dialog prompts to select the desired operation.

  6. Select the option Download the editor content to the device and overwrite the user management there.

    ⇒ The Device user login dialog opens.

  7. Provide valid credentials in order to log in to the controller.

    ⇒ After you log in successfully, the changes are transferred from the editor to the device. As long as the synchronization is not switched off, CODESYS automatically transfers any further changes made in the editor to the controller.
