Protection
9.2 Configuring access protection for the CPU
Automation system
System Manual, 12/2017, A5E03461182-AE
195
Parameterizing the procedure at access levels
To configure the access levels of an S7-1500 CPU, follow these steps:
1.
Open the properties of the S7-1500 CPU in the Inspector window.
2.
Open the "Protection" entry in the area navigation.
A table with the possible access levels appears in the Inspector window.
Figure 9-1
Possible access levels
3.
Activate the desired protection level in the first column of the table. The green check
marks in the columns to the right of the respective access level show you which
operations are still available without entering the password. In the example (see above),
read access and HMI access is still possible without a password.
4.
In the "Enter password" column, specify a password for the access level "Full access" in
the first row. In the "Confirm password" column, enter the selected password again to
guard against incorrect entries.
Ensure that the password is sufficiently secure, in other words, that is does not follow a
pattern that can be recognized by a machine!
5.
Assign additional passwords to other access levels as needed, if the selected access
level calls for this.
6.
Download the hardware configuration for the access level to take effect.
The CPU logs the entry of the correct or incorrect password and any changes in the
configuration of the access levels by a corresponding entry in the diagnostics buffer.
Behavior of a password-protected CPU during operation
The CPU protection takes effect after you have downloaded the settings to the CPU.
Before an online function is executed, STEP 7 checks the necessary permission and, if
necessary, prompts the user to enter a password. The functions protected by a password
can only be executed by one programming device/PC at any one time. Another programming
device/PC cannot log on.
Access authorization to the protected data is in effect for the duration of the online
connection or until you have rescinded the access authorization manually with "Online >
Delete access rights".
You can limit access to a password-protected CPU in the RUN mode locally in the display so
that access with a password is also not possible.
Summary of Contents for Simatic S7-1500/ET 200MP
Page 1: ......