Description You would like to ensure minimum availability of your operator control and monitoring system after powering up and during operation, without having to use the login box. However, you would also like to retain the login function for higher-order operations. In addition, when an operator, such as the administrator, logs out, a default user is to be logged in automatically. The default user's rights are to be assigned in the user administrator in accordance with your wishes.
These instructions describe three options for automatic login:
Warning
Carelessly assigned operation authorizations is a significant source of security risks.
Therefore, prior to configuration, draw up an operation concept to exclude unauthorized operation in advance.
Procedure with a C function
Note When logging in using a C function, you should provide the C code with know-how protection, because the password is stored legibly in this case.
More information about this is available in Entry ID 16526306.
No.
Procedure
1
Open your project with WinCC Professional V11.
2
Create a new C function under "Scripts > C Scripts > Add new C function".
3
Insert the script code from the file below into this function. SilentLogin.pdf ( 1 KB )
4
In the line "PWRTSilentLogin ("Login","Password");" you replace the user data that of your default user.
5
Compile and save the C function.
6
Open the project's scheduler.
7
Insert a new task of the "Function list" type and name it "SilentLogin".
8
In the "Properties" tab of the inspector window go to "Properties > General" and define the "Tag trigger" option for the "Starting time". Then as trigger tag you define "2s" for the "Cycle" of the "@CurrentUser" tag.
Fig. 01
9
In the "Events" tab you add the C function.
Fig. 02
10
Make sure that you have enabled the "Tasks in Runtime" option in "Runtime settings > Services".
Table 01
Procedure with "Dynamic login"
No.
Procedure
1
Open your project with WinCC Professional V11.
2
Create an internal "Login" tag of the "USInt" type.
3
Open the user administration by going to "Runtime settings > User administration".
4
In the "HMI device" column you select the name of the PC station and in the "Tag" column you select "Login".
Fig. 03
5
Open the user administration by going to "User administration".
6
Create a new user called "DefaultUser" including the password.
Note
Alternatively you can also enter another user.
7
Enable the "Dynamic logon" option for the "DefaultUser" user and assign a "User ID".
Fig. 04
8
Depending on the value of the "Login" tag or the assigned user ID the "DefaultUser" user will now be logged on automatically.
Table 02
Procedure when using SIMATIC Logon
Note When using SIMATIC Logon you must make sure that no script is enabled in which the "PWRTSilentLogin" function is used.
No.
Procedure
1
Open your project with WinCC Professional V11.
2
Go to "Runtime settings > User administration" and enable the "SIMATIC Logon" option.
3
In the user administration select the "User groups" tab and create a new group with the name "DefaultGroup" (the system then automatically creates the "Default User" user).
4
Assign the "Default User" user the required authorizations.
5
In the Configure SIMATIC Logon dialog enable the "Use the following data if the user is not explicitly logged on:" option.
Fig. 05
Note
Alternatively you can enter another group/user in this dialog.
Table 03
Creation environment The screens and downloads in this FAQ were created with WinCC Professional V11 SP2.
Additional Keywords
Silent Login, Autologon, Default User
How do you assign user authorizations in WinCC (TIA Portal) faceplates?
Description Faceplates have a dynamic and a static interface. The dynamic interface is for changing the faceplate's properties during runtime. The parameters of the static interface can only be set in the development environment (WinCC (TIA Portal)) and cannot be changed in runtime.
The assignment of user authorizations (for an IO field, for example) in a picture object is done exclusively via the static interface.
Instructions Create a PID controller in which the change of controller parameters and the use of the controller is protected by user authorizations.
No.
Procedure
1
Add text fields and IO fields
Add five IO fields and five text fields.
Change the object names of the IO fields to "IO-P", "IO-I", "IO-D", "IO-Setpoint Value" and "IO-Actual Value".
Change the object names of the text fields to "Text field-P", "Text field-I", "Text field-D", "Text field-Setpoint Value" and "Text field-Actual Value".
Change the texts of the text fields to "P", "I", "D", "Setpoint Value" and "Actual Value".
Fig. 01
2
Creating faceplates
Mark all the objects in the screen by sweeping a frame over the objects with the mouse with the left button pressed.
Right-click to open the pop-up menu.
Select "Create faceplate".
Fig. 02
3
Add category and properties (optional) Points 3 and 4 are not relevant for assigning user authorizations and can be executed purely for the sake of completeness. If you wish to skip these points, then go straight to Point 5.
Change the name of the "Properties_Faceplates" category to "Controller Parameters". For this you right-click the "Properties_Faceplates" field and in the pop-up menu that opens you select "Edit".
Add three properties of the "INT" data type designated "P", "I" and "D".
Create a new category designated "Process Values".
Add two properties to this category designated "Setpoint Value" and "Actual Value", each of the "INT" data type.
Fig. 03
4
Connect properties
Mark the "Process Value" property under "IO-Setpoint Value > General" and use drag-and-drop to link this to the "Setpoint Value" property of the faceplate's "Process Value" property.
Now repeat the procedure just described for all the other properties.
Fig. 04
5
Create property for user authorization
Create a new category designated "Block Access Rights".
Create two new properties designated "Controller Parameter Change" and "Controller Operation".
Fig. 05
6
Connect properties
Mark the "Authorization" property under "IO-Setpoint Value > Safety" and use drag-and-drop to link this to the "Controller Operation" property of the faceplate's "Block Access Rights" property.
Repeat this for the IO fields "P", "I" and "D" and connect their authorizations to the "Controller Parameter Change" property.
Check the connections of the "Controller Operation" property by clicking on the connecting line (1). The connecting lines are highlighted in blue.
Close the faceplate editor (2).
Fig. 06
7
Definition of the authorizations
Open the "User Administration" in the project navigation.
Select the "User Groups" tab.
Add the "Change parameters" authorization in the "Authorizations" window.
Fig. 07
8
Definition of the user groups
Add the "Technologists" group in the same window.
Assign the "Operation" and "Change Parameters" authorizations to this group.
Add the "Operators" group.
Assign the "Operation" authorization to this group.
Fig. 08
9
Create users
Switch to the "Users" tab.
Create a new user designated "Technologist_1" and then assign a password ("100", for example) to this user.
Assign the "Technologists" group to this user.
Create another new user designated "Operator_1" and then assign a password ("200", for example) to this user.
Assign the "Operators" group to this user.
Fig. 09
10
Assign user rights
Switch to the screen with the faceplate instance.
Open the "Properties" of the faceplate.
Select the "Block Access Rights" category under "Interface".
Note All the properties of the dynamic and static interfaces are listed under "Interface".
Select the "Change Parameters" user right for the static interface "Change Controller Parameters".
Repeat the procedure for the "Controller Operation" interface selecting the "Operation" user right.
Fig. 10
11
Create and connect tags (optional) This step is not relevant for assigning user authorizations and can be executed purely for the sake of completeness. If you wish to skip this point, then go straight to Point 12.
Create five tags of the "INT" type in the tag editor.
Connect the tags to the properties in the dynamic interface under "Properties > Interface".
Fig. 11
12
Verifying runtime
Start the simulation by means of the "Start simulation" icon.
Click the IO field for "Setpoint Value". The input window for entering users and passwords opens.
Enter a user, "User_1", for example, and the appropriate password.
Start runtime on the PC
Start simulation
Fig. 12
Download The download contains the sample project described above including the optional steps.
Important The sample program is freeware. Any user can use, copy and forward this program FREE OF CHARGE. The authors and owners of this program take no responsibility whatsoever for the functionality and compatibility of this software. Use of the script is at the user's own risk. Since this software is free of charge, there is absolutelyno warrantynor entitlement to error correction and hotline support.
Runnability and test environment The following table lists the components that have been used to create this entry and verify the functions described.
Components
Product and version designation
PC operating system
Microsoft Windows 7 Enterprise
Standard tools
-
Engineering tool
-
HMI software
WinCC Professional (TIA Portal)
HMI system
TP1200 Comfort
Keywords
Faceplate, User administration
How can you implement login/logout with a button in WinCC Runtime Professional V11 onwards?
SilentLogin.pdf
Suggestion for the entry