Controller Properties dialog box - Security tab parameters

Use the Security
tab of the Controller Properties
dialog box to configure security settings for the controller. The table describes the parameters on the Security
tab. Some settings on the Security
tab are not available for all controller types and some require

FactoryTalk Services Platform

version 2.50 (Service Release 5) or later.

Setting	Description	Requirements
Security Authority	The FactoryTalk directory used to secure the project. If it is available, may also display a Unique Resource Identifier (URI). The URI is the name of the computer that is hosting the FactoryTalk Network Directory used to secure the project. For example, the Security Authority list might display: FactoryTalk Security <ComputerName>.	This setting is enabled when permission is set to Allow for Product Policy RSLogix5000\Controller: Secure . The FactoryTalk Security settings are configured in the FactoryTalk Administration Console in the FactoryTalk Network Directory.
Use only the selected Security Authority for Authentication and Authorization	This check box associates the project with a specific security authority. Select the check box to require users interacting with this project to be authenticated and authorized by the selected security authority. The security authority identifier must match. When associating a project with a specific security authority, it is associating the project with a specific FactoryTalk Network Directory that is identified by a security authority identifier. Projects that are secured and bound to a specific security authority cannot be recovered if the security authority identifier of the FactoryTalk Network Directory used to secure the project no longer exists. Otherwise, unauthenticated users must rely on Guest User permissions. IMPORTANT: Before associating this project with a specific security authority, Rockwell Automation recommends backing up the FactoryTalk Directory and saving unsecured versions of this project file in .ACD, .L5X, or .L5K formats in a secure location. TIP: When selecting this check box, Guest User permissions are cached within the project. The Logix Designer application uses Guest User permissions when the project is opened but not connected to the FactoryTalk Security Authority that secures the project. By default, all Guest User permissions are denied. Guest User permissions are configured in the FactoryTalk Services Platform .	This check box is not available when: No Protection is the selected Security Authority. FactoryTalk Services Platform is not version 2.50 (Service Release 5) or later. The user does not have security permissions to secure a project.
Secure With	Select a Secure With option: To associate the project with a Logical Name in FactoryTalk Services Platform , select Logical Name <Controller Name> . If there is no existing Logical Name that matches the controller name, the Logix Designer creates a new Logical Name with the controller's name and it inherits permissions from its parent resource. To associate the project with a Permission Set configured in FactoryTalk Services Platform , select Permission Set and select a permission set from the list. The listed permission sets are maintained using the FactoryTalk Administration Console and are used to identify a set of actions that are allowed or denied for a particular user and computer combination.	None
Restrict Communications Except Through Selected Slots	Select this check box to restrict communications through any slot that is not trusted. Only the slots selected under Select Slots are trusted communication paths for the controller. Clear the check box to allow the controller to communicate without communication restrictions. IMPORTANT: When this check box is selected, communications are restricted through USB or serial ports and firmware updates are restricted to trusted slots when using AutoFlash or ControlFLASH™ . Support is restricted for tools that require access to restricted data through class 3 connections. . For more information about communication paths and trusted slots, see Failed to go online with the controller > Communications path not trusted by the controller . Failed to go online with the controller > Communications path not trusted by the controller	Trusted slots are required for these products and features: Logix Designer application - to go online with the controller FactoryTalk Alarms and Events and external data RSLinx Classic or FactoryTalk Linx to communicate with the controller. Tip: This check box is only available on <CL> 5570 and 5580 controllers.
Select Slots	The Select Slots grid configures the trusted slots for the controller. When the Restrict Communications Except Through Selected Slots check box is selected, select at least one slot that is not occupied by the controller. If the chassis size for the project is known, the number of slots equal to the chassis size are displayed in the dialog box. Otherwise, 17 slots (0-16) are displayed in the dialog box. For more information about communication paths and trusted slots, see Failed to go online with the controller > Communications path not trusted by the controller . Failed to go online with the controller > Communications path not trusted by the controller	None.
Enable Controller Embedded Web Page	Select to enable access to web pages that track controller, network, and backplane performance. Access is disabled by default.	The check box is only shown for controller types that support controller web pages. The check box is disabled when online with the controller.
Enable Controller Embedded Web Page messages	When CIP Security overrides the web page setting and the overridden setting is different than the project setting, a red flag and this message is shown: The web page setting is overridden by CIP Security and is different than the project setting. When CIP Security overrides the web page setting and the overridden setting is the same as the project setting, this informational message is shown: The web page setting is overridden by CIP Security and is the same as the project setting.	Shows the information icon when CIP Security is overriding the Controller Embedded Web Page setting and the overridden setting is the same as the project setting. Shows a red flag warning icon when CIP Security is overriding the Controller Embedded Web Page setting and the overridden setting is different than the project setting. When online with the controller, the message only shows when connected to a controller and CIP Security has the controller's web page setting configured.
Changes To Detect	Identifies the types of events that cause the Audit Value box to change. By default, all event types cause the Audit Value to change, resulting in a default value of: 0xFFFFFFFFFFFFFFFF. Select Configure to open the Configure Changes to Detect dialog box to see a list of events that are monitored.	None.
Audit Value	A unique value generated when a project is downloaded to the controller or loaded from a storage device. This value is updated when an event occurs. Some events always cause an Audit Value change, while others are selectable in the Configure Changes to Detect dialog box. When the controller is offline, the Audit Value box is blank.	None.
Tracked State Value	A hexadecimal value that indicates the current state of tracked components. If a tracked component changes, the Logix Designer application updates this value to indicate that a component changed. When the controller is offline, this box is blank.	None.
View Components	Displays the Tracked Components dialog box.	None.

Controller Properties dialog box - Security tab

Configure security for the controller

Provide Feedback

Have questions or feedback about this documentation? Please submit your feedback here.