dl-breadcrumbs__homedl-breadcrumb-item__separatorConfiguration and programmingdl-breadcrumb-item__separatorProgramming with CODESYSdl-breadcrumb-item__separator...dl-breadcrumb-item__separatorAutomation Builderdl-breadcrumb-item__separatorDownloading an Application to the PLC dl-breadcrumb-item__separatorHandling of Device User Management
dl-pagination__prev-inactivedl-pagination__prev-activedl-pagination__next-inactivedl-pagination__next-active
Handling of Device User Management
NOTICE

NOTICE
NOTICE
NOTICE

NOTICE

NOTICE

Recommendations for data protection

In order to minimize the risk of data security violations, we recommend the following organizational and technical actions for the system where your applications are running. Whenever possible, avoid exposing the PLC and control networks to open networks and the Internet. Use additional data link layers for protection, such as a VPN for remote access. Install firewall mechanisms. Restrict access to authorized people. Use high-strength passwords. At commissioning, change any existing default passwords and change them on a regular basis.

Use the security features supported by CODESYS and the respective controller, such as encryption of communication with the controller and intentionally restricted user access.

For devices which support a device user management, the device editor includes the “Users and Groups” and “Access Rights” tabs. When offered by the device, you can view the user management for the device here as well as edit it in synchronization mode (not in online mode). Here, you can grant or deny specific permissions on the controller to the defined user groups.

The device user management can already be set up in the device description.

In the ⮫ “Tab: Communication Settings ” of the device editor, users with administrator permissions can change the settings for the password policy and for the login lock.

Note the commands in the Online  Security. You can easily add, edit, or remove a user account on the controller where you are currently logged in.

In order for the “Access Rights” tab to be available in the device editor, the corresponding CODESYS option has to be selected in the device editor and unlocked in the device description. If the device editor is not available, then contact the manufacturer of the controller.

In order to grant access rights to a user group, first the users and user groups have to be configured on the “Users and Groups” tab of the device editor. User management first has to be set up on the controller before access rights can be configured on it. In case the user management of a device is not enabled yet, it can be enabled in the following way: Either by switching to the synchronized mode on the “Users and Groups” tab, or by adding a new user by means of the Online  Security  Add Device User command.

  • General information about device user management
  • First-time login on the controller in order to edit or view its user management
  • Setting up a new user in the user management of the controller
  • Changing of access rights to controller objects in the user management of the controller
  • Transferring and enabling a saved user management in offline mode from a DUM2 file to a controller
  • Configuring the password policy and login lock