Assigning user access rights in the project
Download link: Planning table for group rights and Object Protection Level. An Excel table for the simple planning of group rights and access rights group sets (Object Protection Level) can be downloaded here.
You can assign the Object Protection Levels created to TwinCAT objects, e.g. to a PLC project.
- The access authorization groups are defined.
- The project is linked to a user database.
1. Select the PLC object in the PLC project tree in the Solution Explorer.
   The Properties view is updated. (If the Properties view is not open, select the Properties Window command in the View menu to open it.)
2. Select the desired Object Protection Level from the drop-down list of the ObjectProtection property in the Security category.
3. Then set the value of the property Encrypted to TRUE via the drop-down list. This setting is important in order to prevent access to the source code, e.g. via the operating system level.
4. Then set the value of the property Signed to TRUE via the drop-down list. This setting is important in order to prevent an unauthorized replacement of the object file at operating system level by another file of the same name.

The PLC project can now be accessed by the user groups, which were specified in the Object Protection Level. Save the PLC project to apply the settings.
In the example Object Protection Level "Public":
- The "Guests" user group has read access to the PLC project.
- The "Developers" user group has full access.
(No access rights were defined for the other user groups, since they are not used in the sample project.)
The access rights specified in the root of the PLC project are automatically passed on in the PLC project tree to all sub-elements of the PLC object, if they have the properties Object Protection Level and Encryption.
Alternatively, the Object Protection Level and the encryption can be assigned individually for each sub-element. This can be set in the sub-element properties.
Here, too, you must set the value of the Encrypted and Signed properties for the object to TRUE via the drop-down list. The purpose of this is firstly to prevent access to the source code, e.g. via the operating system level, and secondly to prevent an unauthorized replacement of the object file by another file of the same name.