Use FactoryTalk Security with the Logix Designer application
Use FactoryTalk Security software to control access to your projects and controllers based on:
- The individual user logged into a workstation.
- The project the user is attempting to access.
- The workstation from which the user is attempting to access the project.
TIP: The security feature is primarily intended to prevent accidental unauthorized access to your projects and controllers. It is important to note that while the feature does provide some protection against intentional unauthorized access, it is not intended to provide protection against sophisticated system hackers. You should exercise your own additional precautions against such unwanted access.
FactoryTalk Security grants or denies access based on this information:
- User ID (that is, the user's login name)
- Workstation ID
- Action name (that is, the activity the user is trying to perform, such as tag modification, or processor mode change)
- Resource name (that is, controller name)
In addition, you can group resources, actions, persons, and workstations via access control lists, which define certain characteristics to determine access levels.
Launching the Logix Designer application from a Remote Computer
Enabling users to launch the application from a remote computer may require changing the default security settings in the FactoryTalk Network Directory. When logging on remotely and trying to launch the application, the user is prompted to Log On to . After providing the proper credentials, the user is still unable to log on. This happens because the FactoryTalk policy Require computer accounts for all client machines is enabled by default and the remote computer is not in the FactoryTalk Directory computer list.
To resolve the remote access issue:
- Add the remote computer to the FactoryTalk Network Directory or
- Change the security policy setting, Identify terminal server clients using the name of, to Server Computer.
For details see Set up security policies and Add a computer account in the FactoryTalk Administration Console Help.
TIP: In the case where a FactoryTalk administrator is logged on to the FactoryTalk Network Directory and Single Sign-on is enabled, the client launches the Logix Designer application using the active administrator account. For details see Single Sign-on in the FactoryTalk Administration Console Help.
The Logix Designer application and FactoryTalk Security
When used with the Logix Designer application, FactoryTalk Security supports Product Policies, Securable Actions, and Permission Sets. These FactoryTalk Security settings are configured in the FactoryTalk Administration Console. Product Policies are not tied to a specific project, and may include:
- Securing the controller
- Creating a new project (either through the New Controller dialog box, or through the Translator Tool utility)
- Updating your firmware
Securable Actions let you perform specific tasks on a specific project or group of projects, and may include:
- Viewing a project
- Going online
- Creating tags
- Creating modules
- Creating, modifying, and deleting Equipment Phases and Equipment Sequences
- Creating tag-based alarms
Permission Sets let you configure:
- Security permissions for users, computers, or groups, including Guest User permissions that can be applied to one or more controllers.
- Restricted access to specific project components.
In a safety controller project, you can specify additional protection to safety components. For example, to create a safety program, you need to have access granted for both of these securable actions:
- Safety: Modify Component
- Program: Create
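A simplified model of the access decision described on this page, added here as an illustration; it is not Rockwell code and uses no FactoryTalk API. The user, group, workstation and controller names, the `*` wildcard, and default-deny evaluation are assumptions made for the example.

```python
from dataclasses import dataclass

# Illustrative model only: names, groups and the "*" wildcard are constructed,
# and default-deny evaluation is an assumption, not FactoryTalk's algorithm.
GROUPS = {"Engineers": {"alice", "bob"}, "SafetyEngineers": {"alice"}}
COMPUTER_ACCOUNTS = {"EWS-01", "EWS-02"}   # directory computer list
REQUIRE_COMPUTER_ACCOUNTS = True           # policy is enabled by default per the page

@dataclass(frozen=True)
class Allow:
    who: str          # user ID or group name
    workstation: str  # workstation ID, or "*" for any
    action: str       # securable action name
    resource: str     # controller name

ACL = [
    Allow("Engineers", "*", "Program: Create", "Line1_PLC"),
    Allow("SafetyEngineers", "EWS-01", "Safety: Modify Component", "Line1_PLC"),
]

def computer_accepted(workstation):
    """Logon fails for computers missing from the directory computer list."""
    return not REQUIRE_COMPUTER_ACCOUNTS or workstation in COMPUTER_ACCOUNTS

def principals(user):
    """The user ID plus every group the user belongs to."""
    return {user} | {g for g, members in GROUPS.items() if user in members}

def is_allowed(user, workstation, action, resource):
    """Grant only if the computer is accepted and one entry matches all four IDs."""
    if not computer_accepted(workstation):
        return False
    return any(
        e.who in principals(user)
        and e.workstation in ("*", workstation)
        and e.action == action
        and e.resource == resource
        for e in ACL
    )

def can_create_safety_program(user, workstation, resource):
    """Creating a safety program needs both securable actions granted."""
    needed = ("Safety: Modify Component", "Program: Create")
    return all(is_allowed(user, workstation, a, resource) for a in needed)
```

In this model a permission granted for any workstation still fails from a computer that has no account in the directory, which mirrors the remote launch failure described earlier on the page.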
In the Logix Designer application:
- Security settings are obtained from the FactoryTalk Network Directory.
- FactoryTalk Security Emulator is not used by the Logix Designer application but may be required by other software.
- FactoryTalk Local directory is not supported.
- FactoryTalk Services Platform version 2.50 (SR5) or later supports associating the project with a specific FactoryTalk Directory.
- Starting with the Logix Designer application v34.01 and FactoryTalk Services Platform v6.30, users have the option to implement the Auto-Logout security feature, which logs users out after 15 minutes of inactivity. Users must log back in to continue working. To change the default settings of Auto-Logout, access FactoryTalk Administration Console Session Settings.
- Auto-logout is disabled by default.
- Fifteen minutes is the default idle time. This time can be set between 1 and 999 minutes.
- If long-lasting operations, such as downloads, are in process, Auto-Logout will not occur until the operations complete.
- You will not be given the option to save work before auto-logout occurs. If FactoryTalk Security was applied to the project, open windows, such as routines and Add-On Instructions, can close, but unsaved changes are not lost. When you log back in, editors open in the same state that they were closed.
- Auto-logout does not affect existing security tokens. Functions and clients that do not require user interactions are not affected.
- A message informs you when you have been logged out due to inactivity. Select OK to view a login window to enter your login credentials. If the single sign on (SSO) option is enabled in FactoryTalk Diagnostics settings, selecting OK automatically logs you back in.