If no user is logged in or the user does not have adequate rights, the operator input
is not executed and the box shown above is displayed.
Examples of operator input are changes to setpoints, recipes, selecting pictures or
calling up the configuration software from process mode.
There are different access levels which allow the setup of a hierarchical
access protection scheme, such as exclusive authorizations for
individual operators.
Example 1: Here, an example of hierarchical access protection is shown. For more important
operator input, a higher authorization level is required. If the operator logs in with a
"level 3" authorization, he or she also has the authorizations below this level.
Example 2: This example shows different authorization levels assigned independently of each
other. This principle is often used in WinCC projects.
How these two principles are implemented in WinCC is explained on the following
pages.
Four user groups are defined. The lowest group "Operator" only has authorization
for "Level 1". The next group up "shift supervisor" has the authorization for "Level
1" and "Level 2", the "process engineers" have access at "Level 1" to "Level 3" and
the "service" group has all authorization levels and can therefore access all
protected objects.
Following this, individual users can be assigned additional rights (in the example
above, the user "A. Schmidt" receives the additional right "Change controller
settings"). It would also be possible to take rights away from individual users.
The question now is whether the group rights of a user or the rights assigned to
the user (user rights) take effect in runtime. In WinCC, the rights assigned to the
user are always decisive.
Exception: When using the option SIMATIC Logon, the group rights are relevant.
If the rights of a group are changed (in the example above the group "process
engineers" has an extra right assigned) this does not affect the existing users of
this group. Only when new users are created do they inherit the current rights.
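The inheritance behaviour described above, modelled in Python as an added example (not WinCC code and not part of the original course material): group rights are copied to a user once at creation, so a later group change leaves existing users out of step, which the drift() audit reports. The group membership of "A. Schmidt", the right name "Level 4", the user "new_user" and all class and function names are assumptions made for the illustration.

```python
# Toy model of the rights behaviour described above; not WinCC code.
class UserAdmin:
    def __init__(self, simatic_logon=False):
        self.simatic_logon = simatic_logon
        self.groups = {}   # group name -> set of rights
        self.users = {}    # user name -> (group name, user's own set of rights)

    def set_group(self, group, rights):
        # Creates or changes a group; existing users are deliberately not touched.
        self.groups[group] = set(rights)

    def add_user(self, name, group):
        # A new user inherits a copy of the group's current rights.
        self.users[name] = (group, set(self.groups[group]))

    def grant(self, name, right):
        self.users[name][1].add(right)

    def effective(self, name):
        group, own = self.users[name]
        # User rights apply at runtime; with SIMATIC Logon the group rights do.
        return set(self.groups[group]) if self.simatic_logon else set(own)

    def drift(self):
        # Audit: per user, rights held beyond the group and group rights not held.
        report = {}
        for name, (group, own) in self.users.items():
            extra, missing = own - self.groups[group], self.groups[group] - own
            if extra or missing:
                report[name] = (sorted(extra), sorted(missing))
        return report


def build_example(simatic_logon=False):
    ua = UserAdmin(simatic_logon)
    ua.set_group("process engineers", {"Level 1", "Level 2", "Level 3"})
    ua.add_user("A. Schmidt", "process engineers")   # group membership assumed
    ua.grant("A. Schmidt", "Change controller settings")
    # Group changed afterwards ("Level 4" is a constructed name for the extra right).
    ua.set_group("process engineers", {"Level 1", "Level 2", "Level 3", "Level 4"})
    ua.add_user("new_user", "process engineers")     # constructed user
    return ua


if __name__ == "__main__":
    for user, (extra, missing) in build_example().drift().items():
        print(f"{user}: extra={extra} missing={missing}")
```

Running the same comparison against an export of a real project's users and groups shows which accounts still carry rights the group no longer has, or lack rights that were added later.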
If, for example, you select the highest level "User Administrator", the tabs "Groups
[all]", "Users [all]" and "Authorization levels [all]" are displayed.
New Group: A further user group can be created using the shortcut menu (see figure) or in the
"Groups [all]" tab.
New User: A further user can be created using the shortcut menu (see figure) or in the "Users
[Operator]" tab.
Properties: Here, an automatic logout can be set. This property is inherited by new users of
this group.
Properties: Here, for example, an automatic logout after an absolute time or after an inactive
time can be set. In the example above, no password has yet been assigned.
Depending on whether the logged-on user has the right with ID = 1 (the name of
the authorization level is not relevant), the user can change either only his or her
own properties or the properties of all users.
In the example above, the user "Klaus" is logged on and has the user right with ID
= 1. This allows him to view and edit the other users.
4. Also adapt the group rights for the groups "Shift supervisor" and
"Service".
2. Create a new user in the "Shift supervisor" group with the name "Paul". Then
assign a password.
3. Create a new user in the "Service" group with the name "Mary". Then assign a
password.
4. Compare the authorizations of the group with those of the user in this group.
Exercise: 1. In Start.pdl, add two buttons and label them "Login" and "Logout".
3. Add a static text and connect it to the system tag @CurrentUser. This tag is
generated as an internal tag (string tag) when a project is created.
With this function, a standard user can be logged in automatically when WinCC
Runtime starts. To do this, the C script must be configured for the picture selection
event of the start picture.
Login tag: With this function, a user can be logged in very easily via the controller. To do this,
a process tag must be defined. Depending on the value of this tag, different users
can be logged in automatically. This, for example, allows a user to be logged in to
WinCC Runtime via a key switch connected to the controller.