Siemens wincc hmi user management configuration in tia portal

The user management allows to set up access protection for data and functions within the Runtime to protect the applications against unauthorized operation. in industry automation play very important role.in hmi we able to monitor and operate these process accordingly, the processes are visualized through HMI operator panels. if hmi operated by any unauthorized persons can directly manipulate the process or steal know-how.To prevent this process have to be protected against unauthorized access. WinCC (TIA Portal) allows you to implement this feature using the integrated user administration and thus increase the security of the facility. in this article we understand wincc hmi user management configuration in tia portal with simple example.

---

what is Users, user groups and authorizations in wincc hmi?

USER A user is an individual or entity that interacts with a HMI application. You can create different type of user in hmi. Each user can have specific roles or permissions based on their account type. for example a user operator is only Responsible for operating machinery or systems during a shift. an operator user have No access to modify system configurations or view sensitive data.
user groups
A user group is a collection of users in a system who share similar roles, responsibilities, or permissions. It is a mechanism used to simplify the management of access control by grouping users with common access needs. User groups make it easier to assign and manage permissions, especially in complex systems with many users.

authorizations
Authorization is the process of determining whether a user or a system has permission to access specific resources, perform particular actions, or use certain functionalities within an application or system. It defines what a user can and cannot do after they have been authenticated (i.e., their identity has been verified).

---

configure user and user group in wincc tia portal

open wincc tia portal and in project navigation double click "User administration". a user administration window open. here you can add, create, delete or modify user, user group. for creation of user in this window follow these step

• in users tab double-click to Add new in the Users table.
• A new user is created automatically with default user data. you can rename if requred.
• enter password of user and confirm password
following steps are not mandatory you can change if you want otherwise all default settings of the user data were retained.
• select or deselect automatically logoff.
• set log off time of user.
• enter number if required
• enter comment of user for reference

---

---

in wincc tia portal The user groups "Administrator group" and "Users" are already configured by default and can be renamed but not deleted. For configuration of user group in wincc tia portal follow these steps

• select group tabs
• double click to add new
• A new user group is created automatically. Change the name of user group
• enter display name of the new user group.

---

---

how to assign user to user group

in this step we assign user to user group. we already create operator1 and operator 2 user and we assign both user to operator group.All newly created users are assigned to the "Users" group by default. follow these steps to assign user in user group

• in the project navigation double click "User administration".
• select user which you want to add in group. here we add operator1 and operator 2 in operator group.
• In the "Groups" table, you can see the current user group to which the user operator1 and operator 2 is assigned. select operator group for both user one by one.

---

---

wincc tia portal Configuring and assigning authorizations

in authorizations we set permission to access specific resources, perform particular actions, or use certain functionalities within an application or system. for configuring authorizations first create authorization and then assign authorization to create authorization follow these steps

• in project navigation. Next double click "User administration".
• select user group tab
• Double-click "Add new" in the "Authorizations" table to create a new authorization.
• The new authorization "Authorization_1" is created automatically. rename if you want.The authorizations "User administration", "Monitor" and "Operate" exist by default. They can be renamed but not deleted.
• Change the name and the display name of the new authorization.

---

---

after creating authorization next to assign authorizations to a user group. follow these steps

• select group for assigning authorization
• In the "Authorizations" table, you can see the currently assigned authorization "Operate". All newly created user groups have the "Operate" authorization assigned to them by default.

---

---

Adjusting the Runtime settings for user administration

in runtime of hmi you can alse change user administrator setting. Open runtime setting from prject navigation and select user administration here you setting for runtime.

---

---

wincc hmi Logging in and out via button

in a screen add two button and rename button to login and logout as shown in below image.

---

---

now in login button property select button press event and Open the dropdown list box and navigate to "User administration" Select the "ShowLogonDialog" function. The login dialog has thus been configured.

---

---

now select logout button. open button press event property in drop down select user administration and then select logoff.

---

---

In the Runtime, when you press login button a login dialog open with user name and password here enter user name and password to login. for log off simply press log out button current user log off. An incorrect login attempt causes the system to display the message "Invalid password or user name".

---

---

wincc get current display current user name

you can get user name in runtime by a system function. first configure tag for username. open tag table and add a tag to store user name. add username tag in tag table select wstring data type, change length to 50.

---

---

now add a button and rename to get user name. add a input output field and select username tag to input output field.

---

---

select get user name button and open event property select drop down in user administration select get username select username tag.

---

---

now start runtime. press to login button and enter user name and password and press ok when you press get user name current login user name show in input ouput field.

---

---

wincc Configuring access protection and user display

Access protection refers to a set to prevent unauthorized access to resources, systems, or data. Its primary goal is to ensure that only authorized users can interact with or modify process. to setup access protection of any item select item open item property. in item property select security. Under Runtime security, click the dropdown list box and select the authorization group.

---

---

When the button is pressed or operated during the Runtime, the login dialog opens prompting the user to log in unless the user is already logged in. If the user authentication has been successful, the configured system function is executed otherwise item is disabled. item enable only if login success fully to user.