Tab ‘Access Rights’


Recommendations for Data Security In order to minimize the risk of data security violations, we recommend the following organizational and technical actions for the system where your applications are running. As far as possible, avoid exposing the PLC and control networks to open networks and the internet. Use additional data link layers for protection, such as a VPN for teleaccess and install firewall mechanisms. Restrict access to authorized persons, change any existing standard passwords during the initial commissioning, and change them regularly.

In this tab page of the device editor, you define the device access rights of device users to objects on the PLC.

Requirements: User management must be set up on the control device. The Show access rights page check box must be selected in the CODESYS options (category Device editor). Please note that this CODESYS option can be overwritten by the device description.

Toolbar of the tab

Switches on and off the synchronization between the editor and the user management on the device.

If the button is not pressed, then the editor is blank or it contains a configuration that you loaded from the hard disk.

If the button is pressed, then CODESYS synchronizes the display in the editor continuously with the current user management on the connected device.

If you activate the synchronization while the editor contains a user configuration that is not synchronized with the device yet, then you are prompted what should happen to the editor contents. Options:

  • Upload from the device and overwrite the editor content: The configuration on the device is loaded into the editor, overwriting the current contents.
  • Download the editor content to the device and overwrite the user management there: The configuration in the editor is transferred to the device and applied there.
Import from disk

Opens the default dialog for selecting and importing a user management configuration from the hard disk.

When you click the button in the Users and Groups tab, the file type is Device user management files (*.dum).

When you click the button in the Access rights tab, the file type is Device rights management files (*.dum).

Export to disk Opens the default dialog for saving a file to the hard disk. This saves the user management configuration as an XML file. The data type is Device rights management files (*.drm).
Device user User name of the user currently logged in on the device
In the tree structure, the objects are listed to which actions can be executed in runtime mode. The objects are assigned by their object source and partially sorted in object groups. In the Rights view, you can configure the access options for a user group to a selected object.

Object source (top node in the object tree)

  • File system objects
  • Runtime system objects

Object groups and objects (indented)

Example: Device with child nodes Logger, PlcLogic, Settings, UserManagement.


The table applies for the object that is currently selected in the tree. For every user group, it shows the rights currently configured for the possible actions on this object.

Possible actions on the object:

  • Add/Remove
  • Change
  • View
  • Execute

The symbols represent the access rights:

  • : Access (action) is permitted explicitly.
  • : Access (action) is restricted explicitly.
  • : Gray plus/minus symbol: The right was inherited from the parent object.
  • : Access has not been permitted or denied explicitly, even not by the parent object. No access possible.
  • No symbol: Multiple objects are selected that have different access rights.

Change the right by clicking the symbol.

See also