Separating the database administrator and developer functions


Allow operating system access for authorized users only

The content of the user database is protected against manipulation with a signature. The names of groups, object protection levels and users are not encrypted and can be read. Access to the IPC should therefore be restricted to authorized users via the operating system.

By default, the "GRP_Administrators" group also inherits the rights of the "GRP_OEMDev" (Developers) group.

If the (editing) administrator of the user database should not have rights to modify the TwinCAT Solution, only the membership of the "GRP_OEMDev" group in the "GRP_Administrators" group needs to be changed.

To do this, select the "GRP_Administrators" group on the Groups tab in the Software Protection configuration console and then click the Edit button.

The desired group membership (or "None") can then be selected.

An (editing) administrator can now change the user database, but no longer has the rights of the "GRP_OEMDev" group (Developers).