ABB HMI security features with panel builder 600

security features restrict unauthorized access of your hmi. in abb cp600 hmi have security features. you add security for your widget component, data transfer access alarm reset, alarm acknowledgment, ON or OFF process etc.abb hmi have role based access control that allows user for different role for example you can assign a user group to operate hmi or user configuration setting of your hmi. each group in abb hmi has specific authorization and permission. in security you also add session of user for particular time this give extra security features to your hmi.

how to enable security feature for abb hmi

enable securty in in a project view right click on security and select enable. your security will enable for your hmi

configuration of groups and authorization for abb hmi

panel builder have default user groups available admin, guest and unauthorized. when you enable security open security and double click on user groups. in user group have default group but you can also add other user group like operator, controller etc.

how to add a new user group in abb panel builder

panel builder project view select double click on security and than double click on user group. user group editor open click + to add user group. enter following parameter for your user group

• Name: name of user group.
• authorized: select true or false
  • True: Authorization granted
  • false: Authorization not granted
• home page: Page displayed when users belonging to this group log in
• use last visit:When selected, the last page displayed by the previous user will be displayed when users belonging to this group log in
• Comments: comments or discription of user group
• Authorization Settings: Opens the Admin Authorization dialog to set access permissions.

how to configure user for abb hmi

configure user for abb hmi go to project view than double click on security and open user. a user editor open admin is a default user and password for admin is admin. but you can also add user in this editor. to add user click to + and than select following parameter setting for you user.

• Name: name of user.
• Default User: if selected user automatically logged in when the system is started or after another user logged off. only one default user allowed in abb hmi.
• Inactive: if selected user no longer be able to log in.
• Group: select user group for your user.
• Password: enter User password. this password will never be displayed. Passwords are encrypted and cannot be retrieved not even for specialized technicians.
• comments: enter user description as comments
• Exception: Allows to change the values forced from the User Settings parameters
• Change Initial Password: user forced to change password at first log in.
• Logoff time (minutes): user logged off after logoff time if user is inactive.
• Password minimum length set minimum length of password
• Must contain special characters: if true Password must contain at least one special character
• Must contain numbers: if true Password must contain at least one numeric digit
• Must contain lower case and upper case: if true Password must contain lower case and upper case
• Password cannot be reused: if true The new password must be different from the last 3 used passwords
• Password aging (weeks): set Number of weeks before forcing a password change (1/52 weeks)
• Warning (days) :Show a warning message before password expires (1/30 days)

user setting in abb hmi

you can also define user parameter to all user.in user editor open user setting and define parameter like password setting, session management etc. Users with the Exception flag checked are not force to use the common parameters.

how to Set access permissions abb hmi user

access permission setting allowed user to access property, values, action of abb hmi pages, widget component, tag etc. in access permission you can manage user access authorization to set access permission first create or select user group. in a user group editor click to authorization setting a dialog open. in this dialog following settings are possible

Possible settings are:
• Full Access to enable read/write access to the widget
• Read Only to enable read only access to the widget
• Hide to hide widget for selected group

in a authorization setting dialog set access permission of action, tag, widget etc. following tabs are available

• Widget tab: In the Widget tab you can define widget access options at project level, at page level or at widget level for all the widgets used in the project. Use Base settings to set default permissions at project level.
• Action permissions In the Action tab you can define action authorizations at project level, at page level or at widget level. Actions can be either Allowed or Not Allowed.
• Tag permissions For each group of tags, you can define the Read/Write access rights
• FTP authorizationsIn the Ftp tab you can set specific authorizations for the FTP server.
• HTTP authorizations In the HTTP tab you set restrictions to HTTP access to the web server integrated in HMI Runtime.Wildcards can be used to identify a range of IP addresses. For example, the two following rules set the HMI device unit can only be accessed by all the IP addresses 192.168.*.* on your local network in which only the IP address of 192.168.1.20 can access the device without entering a login name.