To give a user a specific function right, the corresponding function right must be assigned to that user in the hardware declaration file.
An example file (example.hwl.json) could look like this:
```json
{
  "Devices": [
    {
      "Name": "Device1",
      "Modules": [
        {
          "Name": "PLC_1",
          "TypeIdentifier": {
            "OrderNumber": "6ES7 516-3AP03-0AB0",
            "Version": "V3.1"
          },
          "AccessProtection": {
            "AccessLevel": "FullAccess"
          },
          "Services": [
            {
              "Type": "WebServer",
              "Enabled": true,
              "Parameters": {
                "HttpsOnly": true
              }
            }
          ],
          "UserManagement": {
            "Users": [
              {
                "Name": "User1",
                "AssignedRoles": [
                  "WebServerAccessRole"
                ]
              },
              {
                "Name": "User2",
                "AssignedRoles": [
                  "WebServerAccessRole",
                  "DownloadCapableRole"
                ]
              }
            ],
            "Roles": [
              {
                "Name": "DownloadCapableRole",
                "FunctionRights": [
                  "AccessProtectionFullAccess"
                ]
              },
              {
                "Name": "WebServerAccessRole",
                "FunctionRights": [
                  "ReadPlcVariables",
                  "WritePlcVariables"
                ]
              }
            ]
          }
        }
      ]
    }
  ]
}
```
Users and their function rights are defined in the PLC's UserManagement property as seen in the sample above.
- Under Roles, you can define an arbitrary number of roles.
  - Each role is associated with one or more function rights.
  - In the example above, 2 roles are defined with names DownloadCapableRole and WebServerAccessRole; and function rights are defined under the roles.
  - For the function rights that may be assigned for the web server, see Web Server Function Rights.
  - For the function rights that may be assigned for the access protection, see Access Protection Function Rights.
- Under Users, you can define an arbitrary number of users.
  - The username Everybody is already created automatically when necessary, and it is forbidden to assign a role to it. Therefore Everybody cannot be used as username.
  - Each user can be associated with roles.
  - Each role assigned to a user via the AssignedRoles list must be defined in the Roles list.
  - When one or more roles are assigned to a user, all the function rights from all the assigned roles are applied to the user.
- The username
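
The rules in the list above can be checked before a declaration file is used. The following is an added example, not part of the original documentation or of the vendor's tooling: it computes each user's effective function rights and reports violations. The function name `audit_user_management` and the user `User3` with its role `UndefinedRole` are hypothetical, and the exact-match comparison for `Everybody` is an assumption.

```python
import json

# Constructed sample: the UserManagement object from the example file above,
# plus one hypothetical user (User3) that references an undefined role.
SAMPLE = json.loads("""
{
  "Users": [
    {"Name": "User1", "AssignedRoles": ["WebServerAccessRole"]},
    {"Name": "User2", "AssignedRoles": ["WebServerAccessRole", "DownloadCapableRole"]},
    {"Name": "User3", "AssignedRoles": ["UndefinedRole"]}
  ],
  "Roles": [
    {"Name": "DownloadCapableRole", "FunctionRights": ["AccessProtectionFullAccess"]},
    {"Name": "WebServerAccessRole", "FunctionRights": ["ReadPlcVariables", "WritePlcVariables"]}
  ]
}
""")


def audit_user_management(user_management):
    """Return (effective_rights, problems) for one UserManagement object."""
    roles = {r["Name"]: set(r.get("FunctionRights", []))
             for r in user_management.get("Roles", [])}
    effective, problems = {}, []
    for user in user_management.get("Users", []):
        name = user["Name"]
        if name == "Everybody":  # assumption: exact, case-sensitive match
            # Reserved name: created automatically, must not be declared.
            problems.append("reserved username 'Everybody' must not be declared")
            continue
        rights = set()
        for role in user.get("AssignedRoles", []):
            if role not in roles:
                problems.append(f"{name}: role '{role}' is not defined under Roles")
                continue
            rights |= roles[role]  # rights from all assigned roles are combined
        effective[name] = sorted(rights)
    return effective, problems


if __name__ == "__main__":
    rights, problems = audit_user_management(SAMPLE)
    for user, granted in rights.items():
        print(f"{user}: {', '.join(granted) or '(no function rights)'}")
    for problem in problems:
        print("PROBLEM:", problem)
```

Reviewing the per-user output makes it easy to spot which accounts end up with `AccessProtectionFullAccess` through role combination.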