Tab ‘Access Rights’

Attention

Recommendations for Data Security

In order to minimize the risk of data security violations, we recommend the following organizational and technical actions for the system where your applications are running: As far as possible, avoid exposing the PLC and controller network to open networks and the Internet. Implement additional protection, such as a VPN for remote access, and install a firewall mechanism. Restrict access to authorized personnel, and change any existing default passwords when commissioning and then at regular intervals.

In this tabbed page of the generic device editor, you define the access rights to objects on the PLC.

Requirement: User management must be set up on the PLC. The Show access rights page check box must be selected in the CODESYS options (category Device editor). However, the device description can overwrite this.

Actions
In the tree structure, all actions that can be executed at runtime are listed by object category. Each affected object is inserted below an action type. In the Rights view, you can configure the access options for a user group to a selected object.

Action categories (nodes at the top level of the action tree)

  • File system objects
  • Runtime system objects

Action types (inserted below each action category: actions that can be executed on the object)

  • Modify: Example: loading the application
  • View: Monitoring
  • Add/remove children: Add or remove child objects below an existing object
  • Execute: Example: starting and stopping the application, setting breakpoints

Objects and child objects (inserted below each action type)

Objects of a file system or runtime system on which the actions can be executed. Example: Device with child objects Logger, PlcLogic, Settings, UserManagement.

Rights

List of the currently defined user groups

Symbols preceding the group names show the current rights definition regarding the object currently selected in the actions view.

  • Symbol of the Grant button: The actions currently selected in the action tree are granted to this group.
  • Symbol of the Deny button: The actions currently selected in the action tree are denied to this group.
  • Symbol of the Clear button: There is currently no explicit definition of rights for the actions selected in the actions view.
  • No symbol: There are several actions selected in the actions view that do not have any unified definition of rights regarding the currently selected group.

Assignment of a right after selection of an object in the action tree and selection of the group in the rights view:

  • Button Grant: Access (action) is permitted explicitly.
  • Button Deny: Access (action) is restricted explicitly.
  • Button Clear: The right to access (action) is reset to the default setting.

Menu Bar

  • Load to device: CODESYS loads the current configuration of access privileges to the PLC, making them effective there.
  • Load from device: CODESYS retrieves the current configuration of access privileges from the PLC.
  • Save to disk: CODESYS saves the current rights configuration to an XML file (*.dar: stands for “Device Access Rights”).
  • Load from disk: CODESYS reads the rights configuration from an XML file (*.dar).

Which action in particular is affected when a specific access privilege is granted for a certain object?

x The right has to be set explicitly.

- The right is not relevant.

Objects            Action                      Rights
                                               Add/remove children  Execute  Modify  View
Device             Login                       -                    -        -       x
  Logger           Read entries                -                    -        -       x
  PlcLogic
    Application    Login                       -                    -        -       x
                   Create                      -                    -        x       -
                   Create child object         x                    -        x       -
                   Delete                      -                    -        x       -
                   Load / online change        -                    -        x       -
                   Create boot project         -                    -        x       -
                   Read variable               -                    -        -       x
                   Write variable              -                    -        x       x
                   Force variable              -                    -        x       x
                   Set and delete breakpoint   -                    x        x       -
                   Set next statement          -                    x        x       -
                   Read call stack             -                    -        -       x
                   Single cycle                -                    x        -       -
                   Switch on flow control      -                    x        x       -
                   Read flow control           -                    -        -       x
                   Start / Stop                -                    x        -       -
                   Reset                       -                    -        x       -
  Settings         Read settings               -                    -        -       x
                   Write settings              -                    -        x       -
  UserManagement   Read configuration          -                    -        -       x
                   Write configuration         -                    -        x       -
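
The table above can be used for a least-privilege review of a planned group. The following Python sketch is an added example, not part of CODESYS or of the original page: it transcribes the table, derives the smallest set of rights for a list of intended actions, and reports which further actions those rights also enable. The "Operators" group and its action list are hypothetical, and the sketch assumes the table is complete and that an action is possible exactly when every right marked x for it has been granted on that object.

```python
# Added example: rights needed per action, transcribed from the table above.
# A = Add/remove children, E = Execute, M = Modify, V = View.
REQUIRED = {
    "Device": {"Login": "V"},
    "Logger": {"Read entries": "V"},
    "Application": {
        "Login": "V", "Create": "M", "Create child object": "AM",
        "Delete": "M", "Load / online change": "M",
        "Create boot project": "M", "Read variable": "V",
        "Write variable": "MV", "Force variable": "MV",
        "Set and delete breakpoint": "EM", "Set next statement": "EM",
        "Read call stack": "V", "Single cycle": "E",
        "Switch on flow control": "EM", "Read flow control": "V",
        "Start / Stop": "E", "Reset": "M",
    },
    "Settings": {"Read settings": "V", "Write settings": "M"},
    "UserManagement": {"Read configuration": "V", "Write configuration": "M"},
}

def minimal_grants(wanted):
    """Smallest set of rights per object that covers the wanted actions."""
    grants = {}
    for obj, action in wanted:
        grants.setdefault(obj, set()).update(REQUIRED[obj][action])
    return grants

def enabled_actions(grants):
    """Every action whose required rights are all contained in the grants."""
    return {(obj, action)
            for obj, rights in grants.items()
            for action, need in REQUIRED[obj].items()
            if set(need) <= rights}

def side_effects(wanted):
    """Actions a group gains beyond the ones it was meant to have."""
    return sorted(enabled_actions(minimal_grants(wanted)) - set(wanted))

if __name__ == "__main__":
    # Hypothetical "Operators" group: log in, watch and write variables.
    operators = [("Device", "Login"), ("Application", "Login"),
                 ("Application", "Read variable"),
                 ("Application", "Write variable")]
    for obj, rights in minimal_grants(operators).items():
        print(f"grant {obj}: {''.join(sorted(rights))}")
    for obj, action in side_effects(operators):
        print(f"also enabled: {obj} / {action}")
```

For this constructed group, the Modify right needed for Write variable also covers Load / online change, Delete, Create boot project and Reset on the same Application object, which is the kind of overlap to check before loading a rights configuration to the device.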