Starting with TIA Portal V19 an additional level of secure access to SIMATIC PLCs with FW 3.1 can be reached be defining users and their rights on the PLC explicitly. Before, only a single password is used to download and run other operations modifying the PLC state. With UMAC it is not required anymore to share this password between all operators which are allowed to modify the PLC state.
These steps provide a basic user management and access control setup. For more advanced techniques and details, refer to the manual of TIA Portal.
1. Verify that access control is enabled for the PLC
* Select your PLC in the project navigator. In the properties folder (output pane or context menu of the PLC), go to "Protection & Security" > "Access control" (1). * Ensure that access control is enabled (2). 2. Define a user role 'CanDownloadRole'
To define a user role 'CanDownloadRole' follow the steps: 1. Open "Users and roles" in the "Security settings" group of the project navigator. 2. Select the "Roles" folder. 3. Create a role named 'CanDownloadRole'. 4. In the "Runtime rights" folder, expand the tree to locate your PLC. 5. Select the PLC and assign the function right "Full Access" to the 'CanDownloadRole' role. 3. Define a user and assign the role 'CanDownloadRole'
To define a user with the 'CanDownloadRole' follow the steps: 1. In the "Users and roles" view, select the "Users" folder. 2. Add a local user with the desired username (e.g. 'myUserName') and set a password. 3. In the "Assigned roles" folder, select the 'CanDownloadRole' role for the user (4). In case you want to limit access for a compare or other read operations for some users, perform these steps again for the role 'CanReadFromPlc' with the runtime right Read Access and assign it to those user.
Finally, download the new configuration to the PLC.
Note that the Engineering rights in the TIA Portal project do not apply to SIMATIC AX tools.