Set up user accounts on the Security Administration
dialog box for everyone who interacts with the HMI device, and assign each user a password and/or PIN. Use the Policies
tab on the Security Administration
dialog box to create security policies, such as password complexity and length, to enforce password strength.

Use the Guest user account to restrict users who are not logged in to be able to view only certain screens, or limit their access to viewing only the
Home
screen. Assign the Guest User any role except the Administrator
role to prevent any non-Administrator user, including Guest users, from changing settings on the HMI device. This prevents any non-Administrator user from performing tasks such as rebooting the HMI device.

Security for individual screens, shortcuts, and popups

Access to HMI screens is based on user roles, and not specific users. A role is comparable to a Windows user group. When creating a user account for each user, assign the user a role.

By default, all users on HMI devices have access to these items in the Project Explorer:

Shortcuts in the Navigation Menu
folder.

Screens and popups in the User-Defined Screens
and Predefined Screens
folders. Navigate to these items on the HMI device by triggering an event with a navigation command. Users who do not have the Administrator role have read-only access to the Settings
screen and related popups in the Predefined Screens
folder.

The root-level folder of a project is assigned
Full Access
, which gives users access to all items regardless of role. The Navigation Menu
, User-Defined Screens
, and Predefined Screens
folders inherit security access from the root folder. The Settings screen and its related popups in the Predefined Screens
folder have Ready Only access for any user who does not have the Administrator role.

Each folder and screen has a Security
category, which provides a way to select the level of access for each role for individual screens or the contents of a folder.

Security for graphic elements

There are two ways to secure graphic elements on a screen:

Enabled
property in the
Appearance
category. When you clear the Enabled
property check box for the graphic element, it disallows touch and key events for that graphic element and shows as cross-hatched regardless of the Security > Access
property setting for the screen. For example, use this method if, during a particular machine state, the HMI designer wants the graphic element disabled. This is generally used with binding and controlled at runtime.

Access
property in the
Security
category
.
The
Security > Access
property works with the Enabled
property and the cross-hatch functionality of graphic elements. When Access
is set to Inherit,
the graphic element uses the current screen Security
setting to determine if it should be enabled or disabled and cross-hatched. For example, if the screen is Read Only
, Access
is set to Inherit
, and the Enabled
property is selected, the graphic element is disabled and displays cross-hatched. If the current screen security changes to Full Access
, the graphic element is enabled and the cross-hatch does not show.

When Access
is set to Full Access
, the graphic element uses the state of the Enabled
property to determine if it is enabled or disabled and displays cross- hatched regardless of the current screen Security
setting. For example, use this if the HMI designer wants a button with a screen navigation command to be enabled and active even if the screen Security
level is Read Only
so that the operator can navigate the project in Read Only mode. Use this capability with caution because all commands, not just screen navigation, for the button are enabled in this mode.

Security for downloads to the HMI device

The HMI Device
screen in the
Predefined Screens
folder provides a way to prevent overwriting the runtime application in the HMI device. Clear the
Allow Downloads and Firmware Updates
check box on the HMI Device screen to prevent the download of a project or an update of the firmware on the HMI device.

Set security

Provide Feedback

Have questions or feedback about this documentation? Please submit your feedback here.