Use FactoryTalk Security with the Logix Designer application

Use FactoryTalk Security software to control access to your projects and controllers based on:
  • The individual user logged into a workstation.
  • The project the user is attempting to access.
  • The workstation from which the user is attempting to access the project.
    TIP: The security feature is primarily intended to prevent accidental unauthorized access to your projects and controllers. It is important to note that while the feature does provide some protection against intentional unauthorized access, it is not intended to provide protection against sophisticated system hackers. You should exercise your own additional precautions against such unwanted access.
FactoryTalk Security grants or denies access based on this information.
  • User ID (that is, the user’s login name)
  • Workstation ID
  • Action name (that is, the activity the user is trying to perform, such as tag modification, or processor mode change)
  • Resource name (that is, controller name)
In addition, you can group resources, actions, persons, and workstations via access control lists, which define certain characteristics to determine access levels.

Launching the Logix Designer application from a Remote Computer

Enabling users to launch the application from a remote computer may require changing the default security settings in the FactoryTalk Network Directory.
When logging on remotely and trying to launch the application, the user is prompted to Log On to FactoryTalk. After providing the proper credentials, the user is still unable to log on. This happens because the policy Require computer accounts for all client machines is enabled by default and the remote computer is not in the FactoryTalk Directory computer list.
To resolve the remote access issue:
  • Add the remote computer to the FactoryTalk Network Directory or
  • Change the security policy setting, Identify terminal server clients using the name of, to Server Computer.
For details see Set up security policies and Add a computer account in the FactoryTalk Administration Console Help.
    TIP: In the case where a FactoryTalk administrator is logged on to the FactoryTalk Network Directory and Single Sign-on is enabled, the client launches the Logix Designer application using the active administrator account. For details see Single Sign-on in the FactoryTalk Administration Console Help.

The Logix Designer application and FactoryTalk Security

When used with the Logix Designer application, FactoryTalk Security supports Product Policies, Securable Actions, and Permission Sets. These FactoryTalk Security settings are configured in the FactoryTalk Administration Console.
Product Policies are not tied to a specific project, and may include:
  • Securing the controller
  • Creating a new project (either through the New Controller dialog box, or through the Translator Tool utility)
  • Updating your firmware
Securable Actions let you perform specific tasks on a specific project or group of projects, and may include:
  • Viewing a project
  • Going online
  • Creating tags
  • Creating modules
  • Creating, modifying, and deleting Equipment Phases and Equipment Sequences
  • Creating tag-based alarms
Permission Sets let you configure:
  • Security permissions for users, computers, or groups, including Guest User permissions that can be applied to one or more controllers.
  • Restricted access to specific project components.
In a safety controller project, you can specify additional protection to safety components. For example, to create a safety program, you need to have access granted for both of these securable actions:
  • Safety: Modify Component
  • Program: Create
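The access decision described on this page (user ID, workstation ID, action name, resource name, the computer-account policy for remote clients, and the two securable actions needed to create a safety program) can be sketched as a small model. This is an added example, not Rockwell Automation code: the class and function names, the sample users, computers and controller, and the deny-by-default matching are all assumptions made for illustration.

```python
# Simplified model for illustration; not FactoryTalk Security code.
# Class/function names and deny-by-default matching are assumptions.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Grant:
    users: frozenset      # user IDs or user-group names
    computers: frozenset  # workstation IDs or computer-group names
    action: str           # securable action name
    resource: str         # controller name

@dataclass
class Directory:
    computer_accounts: set
    groups: dict                             # group name -> set of members
    grants: list = field(default_factory=list)
    require_computer_accounts: bool = True   # enabled by default, per the page

    def can_log_on(self, workstation):
        # Valid credentials are not enough when the client computer is unknown.
        return not self.require_computer_accounts or workstation in self.computer_accounts

    def _names(self, member):
        return {member} | {g for g, m in self.groups.items() if member in m}

    def check(self, user, workstation, action, resource):
        who, where = self._names(user), self._names(workstation)
        return self.can_log_on(workstation) and any(
            g.action == action and g.resource == resource
            and who & g.users and where & g.computers for g in self.grants)

    def can_create_safety_program(self, user, workstation, resource):
        # Both securable actions must be granted, not just one of them.
        needed = ("Safety: Modify Component", "Program: Create")
        return all(self.check(user, workstation, a, resource) for a in needed)

def build_sample():
    """Constructed sample data: one controller, two engineers, one workstation."""
    d = Directory({"ENG-WS01"}, {"Engineers": {"alice", "bob"}})
    ws = frozenset({"ENG-WS01"})
    d.grants += [
        Grant(frozenset({"Engineers"}), ws, "Program: Create", "Line1_PLC"),
        Grant(frozenset({"alice"}), ws, "Safety: Modify Component", "Line1_PLC"),
    ]
    return d

if __name__ == "__main__":
    d = build_sample()
    print({u: d.can_create_safety_program(u, "ENG-WS01", "Line1_PLC") for u in ("alice", "bob")})
    print("REMOTE-PC can log on:", d.can_log_on("REMOTE-PC"))
```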
In the Logix Designer application:
  • Security settings are obtained from the FactoryTalk Network Directory.
  • FactoryTalk Security Emulator is not used by the Logix Designer application but may be required by other software.
  • FactoryTalk Local directory is not supported.
  • FactoryTalk Services Platform version 2.50 (SR5) or later supports associating the project with a specific FactoryTalk Directory.
  • Starting with the Logix Designer application v34.01 and FactoryTalk Services Platform v6.30, users have the option to implement the Auto-Logout security feature, which logs users out after 15 minutes of inactivity. Users must log back in to continue working. To change the default settings of Auto-Logout, access FactoryTalk Administration Console Session Settings.
    • Auto-logout is disabled by default.
    • Fifteen minutes is the default idle time. This time can be set between 1 and 999 minutes.
    • If long-lasting operations, such as downloads, are in process, Auto-Logout will not occur until the operations complete.
    • You will not be given the option to save work before auto-logout occurs. If FactoryTalk Security was applied to the project, open windows, such as routines and Add-On Instructions, can close, but unsaved changes are not lost. When you log back in, editors open in the same state that they were closed.
    • Auto-logout does not affect existing security tokens. Functions and clients that do not require user interactions are not affected.
    • A message informs you when you have been logged out due to inactivity. Select OK to view a login window to enter your login credentials. If the single sign on (SSO) option is enabled in FactoryTalk Diagnostics settings, selecting OK automatically logs you back in.