Configure security for the controller

Use the settings on the
Security
 tab of the
Controller Properties
dialog box to configure security, trusted slots, and change detection for the controller.
The settings on the
Security
 tab are unavailable when:
  • The user does not have security permissions to edit the controller settings.
  • The controller is operating in
    Hard Run
     mode.
    TIP:
    Only
    FactoryTalk Services Platform
     2.50 or later supports associating a project with a specific security authority. The
    FactoryTalk Security
     settings are configured in the
    FactoryTalk Administration Console
     in the
    FactoryTalk
     Network Directory. This setting is enabled when permission is set to
    Allow
    for Product Policy
    Logix Designer
    \Controller: Secure
    .
To configure security for the controller:
  1. In the
    Controller Organizer
    , right-click the controller name and select
    Properties
     to open the
    Controller Properties
     dialog box.
  2. Click the
    Security
     tab.
  3. In the
    Security Authority
     box, select
    FactoryTalk Security
    .
      1. To associate this project with a specific Security Authority, select the
        Use only the selected Security Authority for Authentication and Authorization
         check box. When this check box is selected, users interacting with this project must be authenticated and authorized by either the primary or the secondary Security Authority.
        IMPORTANT:
        Before associating this project with a specific Security Authority,
        Rockwell Automation
         recommends backing up the
        FactoryTalk Directory
         and save unsecured versions of this project file in (. ACD) or (.L5X or .L5K) formats. For details about backing up a
        FactoryTalk Directory
        , see
        FactoryTalk
         Help:
        Start > Programs > Rockwell Software >
        FactoryTalk
         Tools >
        FactoryTalk
         Help
        .
      TIP:
      The secondary Security Authority can only further deny permissions that are allowed by the cached Guest User permissions. The secondary Security Authority cannot grant permissions that are denied by the cached Guest User permissions.
      Select a
      Secure With
       option:
      • To associate the project with a Logical Name in
        FactoryTalk Services Platform
        , select
        Logical Name
        <Controller Name>
        . If there is no existing Logical Name that matches the controller name, the
        Logix Designer
         creates a new Logical Name with the controller's name and it inherits permissions from its parent resource.
      • To associate the project with a Permission Set configured in
        FactoryTalk Services Platform
        , select
        Permission Set
         and select a permission set from the list.
  4. Select the
    Restrict Communications Except Through Selected Slots
     check box to require communication through trusted slots. Only the slots selected under
    Select Slots
     are trusted communication paths for communication from
    Logix Designer
    ,
    RSLinx Classic
    , and
    FactoryTalk Linx
    .
  5. Under
    Select Slots
    , click slot numbers in the grid to trust them for use with this controller.
    TIP:
    Trusted slots are only available on
    ControlLogix
     5570 and 5580 controllers.
For more information about communication paths and trusted slots, see
Failed to go online with the controller > Communications path not trusted by the controller
.
Failed to go online with the controller > Communications path not trusted by the controller
  1. To open the
    Configure Changes to Detect
     dialog box, click
    Configure
     and then select the check box for the events in the list that you want to monitor. Change detection is unavailable on the
    Studio 5000 Logix Emulate
     Controller.
  2. Click
    OK
    .
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.