Level Based Security

See also: User Interface

 

Topic Menu

• Level Based Security
  • Cscape Configuration
  • Access Levels
  • Password Object

Cscape Configuration

A user list can be configured to control access to Graphic objects and is accessible through the Project Navigator: 

Selecting User Security Configuration displays the following window:

Here user can configure different users with password and assign Access Level to each user. Up to 255 Users at any of 8 access levels (0 to 7) can be configured.

 

Add User - Using this option user can create new users, assign passwords and access levels as shown below:

Note:  

1. Username, Password and Access Level can be configured either through constants or through registers.

2. To configure username and password via constants for Variable based/IEC or EIEC, user will have to enter the data within quotes. For Example - 'User1'/'Pwd1' etc.

3. Username and Password are restricted to Alphanumeric only.

4. Maximum of 16 characters can be configured for Username and 10 characters for Password fields.

5. Level 0 indicates no specific access is required (i.e., the object can always be accessed by any user)

6. User with higher access level will have access to all the objects that are configured with lower access level. For example: User having access level 5 will have access to all objects from 1 to 5 access levels.

7. For WebMI WebMI – Web-Machine Interface - An HTML5-based HTTP server, where access to data and visualizations is enabled from anywhere via web clients. WebMI empowers users to control everything onscreen from a computer, tablet, or other mobile device. usage, username/password/access level must be configured as constants. If registers are configured then following error message will be displayed at the time of publishing webpages.

Edit User - This option is used for editing already existing users from the list.

Delete User - This option is used for deleting already existing users from the list.

Status - From Cscape 9.70 SP2 and FW 14.22 onwards, Status for user access has been supported for both device and WebMI users where the register configured for status will be used for displaying the time the user has logged in to device/WebMI and the username of the user logged in to the device/WebMI.

For Device - First 10 registers are used to display the timeout and username of user logged in on the device. First two registers are used to display the timeout i.e., the time the user has logged in on the device and from third to tenth registers are used to display the name of the user logged in on the device.

For example:

• %R1000 + %R1001 = Time Out

• %R1002*8 i.e., %R1002 to %R1009 = Username.

For WebMI:

Selecting "WebMI Support" option enables Status for user access in WebMI as well. From Eleventh register onwards, it is used for WebMI users. Since four connections are possible at a time, %R1011 to %R1050 registers are used.

For example:

• %R1010 to %R1019 - 1st connection/1st user, i.e., %R1010 + %R1011 = timeout for 1st connection/user and %R1012 to %R1019 = 1st logged in username.

• %R1020 to %R1029 - 2nd connection/2nd user, i.e., %R1020 + %R1021 = timeout for 2nd connection/user and %R1022 to %R1029 = 2nd logged in username.

• %R1030 to %R1039 - 3rd connection/3rd user, i.e., %R1030 + %R1031 = timeout for 3rd connection/user and %R1032 to %R1039 = 3rd logged in username

• %R1040 to %R1049 - 4th connection/4th user, i.e., %R1040 + %R1041 = timeout for 4th connection/user and %R1042 to %R1049 = 4th logged in username.

Note: %SR209.3 displays the Server status of WebMI i.e., it displays if the server is running or not. If this bit is high, then server is ON and running.

Note: %SR209.4 displays if any user is logged in to WebMI. i.e., the bit displays 1 if any user is logged in to WebMI.

Note: %SR209.3 and %SR209.4 registers are not supported in IEC and Advanced Ladder with Tags Editors.

Timeout (Mins) - The timeout specifies a timeout after which no key press or touch screen access will reset the current log in (Range 1 to 60 mins).

Return to the Top: Level Based Security

 

Access Levels

All the graphics objects can be configured with Access levels except for Text, Indicator, Bar graph, meter, Gauge, Static Bitmap A non-compressed image file format which uses small dots in a grid pattern to create an image., Data Trend (Snap Shot, Standard and Continuous), XY Graph, Video Object (XL7 / XL4 / EXL10/XL15+) and Recipe Editor Objects. Access Level supported graphics objects will have a new option "Access" where user can assign access level to that particular object.

For example: In Time Date object, selecting the Access>> option opens up the Select Access Level window, where a user can select a access level from 0 to 7 in the drop down as shown below. Only sers logged in with the configured access level (of the time date object) will have access to Time Date object.

Note: Default access level is 0 (Zero) for all the access level supported graphics objects.

Return to the Top: Level Based Security

 

Password Object

Password Object now has Object Type option included where in user can configure as either "Concealed Numeric" (which acts as a normal password object) or "User Access" (which acts as system login for user to login).

If user selects User Access as object type then password object is displayed as follows:

 

On OCS:

UserName: Accepts the configured username from the list or from registers.

Password: Accepts the configured password from the list or from registers.

User: This field displays the logged in username or NONE (no user has logged in)

Login/Logout: Login button changes to logout button once a valid user has logged in.

 

If a user e tries accessing an object they do not have an appropriate access level for, then an Access Denied message is displayed on the controller as shown:

Note: Access Denied message appears if user selects objects configured with Enable Input attribute as low.

Return to the Top: Level Based Security