User database as a central switching point

Access to the PLC project components is regulated via a user database (User DB).

The content of the database is protected against unauthorized changes through signing by the administrator. In order to clearly identify the database, it is provided with a so-called "User DB Key" – a unique identifier made up of components of the OEM certificate and a random component. The random component ensures that every User DB created is given a unique User DB Key.

If a project is linked by an authorized user with a specific User DB, its User DB Key is stored in the project. Afterwards this project can only be opened in conjunction with this User DB.

The introduction of a user is regulated within the User DB via groups.

This means that the access rights are initially specified within TwinCAT 3 Engineering. However, access to the PLC source code or the exchange of project files would still be possible at operating system level. Therefore, in addition to the regulation of the access rights, TwinCAT 3 Engineering provides two further protective measures: the signing and the encryption of the project file.

The signing of the project file ensures that the project file cannot be exchanged for another file with the same name at operating system level. The signature data of the file are saved in the higher-level project node. The project must be connected with the user database.

The key used for the encryption of the project file is saved in the user database. The corresponding user database must therefore always be present on the engineering computer (directory: c:\Twincat\3.1\CustomConfig\userDBs).
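The following conceptual model of the mechanisms described above (unique User DB Key, binding of a project to one User DB, and detection of a same-name file swap) is an added illustration, not Beckhoff code or the TwinCAT file format. The key layout, all function names, the sample file name and the use of HMAC-SHA256 in place of the unspecified signature scheme are assumptions.

```python
import hashlib
import hmac
import secrets

def make_user_db(oem_cert: bytes) -> dict:
    """Model User DB: key = certificate-derived part + random part (assumed layout)."""
    cert_part = hashlib.sha256(oem_cert).hexdigest()[:16]
    random_part = secrets.token_hex(8)  # makes every created User DB unique
    return {
        "user_db_key": f"{cert_part}-{random_part}",
        "signing_secret": secrets.token_bytes(32),  # stand-in for the signing key
    }

def sign_file(db: dict, name: str, content: bytes) -> str:
    """Signature over file name and content (HMAC used as a stand-in)."""
    msg = name.encode() + b"\0" + content
    return hmac.new(db["signing_secret"], msg, hashlib.sha256).hexdigest()

def link_project(db: dict, files: dict) -> dict:
    """Store the User DB Key and per-file signature data in the project node."""
    return {
        "user_db_key": db["user_db_key"],
        "signatures": {n: sign_file(db, n, c) for n, c in files.items()},
    }

def open_project(project: dict, db: dict, files: dict) -> str:
    """Open only with the linked User DB and with unmodified project files."""
    if not hmac.compare_digest(project["user_db_key"], db["user_db_key"]):
        return "wrong-user-db"
    for name, content in files.items():
        expected = project["signatures"].get(name)
        actual = sign_file(db, name, content)
        if expected is None or not hmac.compare_digest(expected, actual):
            return f"signature-mismatch:{name}"
    return "ok"

if __name__ == "__main__":
    cert = b"constructed OEM certificate bytes"      # constructed sample input
    files = {"MAIN.TcPOU": b"PROGRAM MAIN original"}  # constructed sample file
    db_a, db_b = make_user_db(cert), make_user_db(cert)
    project = link_project(db_a, files)
    print(open_project(project, db_a, files))   # linked User DB, untouched file
    print(open_project(project, db_b, files))   # same certificate, other User DB
    swapped = {"MAIN.TcPOU": b"PROGRAM MAIN replaced on disk"}
    print(open_project(project, db_a, swapped)) # same name, different content
```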