Use FactoryTalk Security with the Logix Designer application
Use
FactoryTalk Security
software to control access to projects and controllers based on:- The individual user logged into a workstation
- The project the user is attempting to access
- The workstation from which the user is attempting to access the projectTIP:The security feature is primarily intended to prevent accidental unauthorized access to projects and controllers. While the feature does provide some protection against intentional unauthorized access, it is not intended to provide protection against sophisticated system hackers. Exercise additional precautions against such unwanted access.
FactoryTalk Security
grants or denies access based on:- User ID (that is, the user’s login name)
- Workstation ID
- Action name (that is, the activity the user is trying to perform, such as tag modification, or processor mode change)
- Resource name (that is, controller name)
In addition, group resources, actions, persons, and workstations via access control lists, which define certain characteristics to determine access levels.
Launching the
Logix Designer
application from a Remote ComputerEnabling users to launch the application from a remote computer may require changing the default security settings in the
FactoryTalk
Network Directory. When logging on remotely and trying to launch the application, the application prompts the user to
Log On to
. After providing the proper credentials, the user still cannot log on. This access issue happens because of the default setting of the FactoryTalk
Require computer accounts for all client machines
policy and because the remote computer is not in the FactoryTalk Directory
computer list.To resolve the remote access issue:
- Add the remote computer to theFactoryTalkNetwork Directory or
- Change the security policy setting,Identify terminal server clients using the name of, toServer Computer.
For details see
Set up security policies and Add a computer account
in the FactoryTalk Administration Console
Help.
TIP:
In the case where a
FactoryTalk
administrator logs on to the FactoryTalk
Network Directory with Single Sign-on enabled, the client launches the Logix Designer
application using the active administrator account. For details see Single Sign-on
in the FactoryTalk Administration Console
Help.The
Logix Designer
application and FactoryTalk Security
When used with the
Logix Designer
application, FactoryTalk Security
supports Product Policies, Securable Actions, and Permission Sets. Configure these FactoryTalk Security
settings in the FactoryTalk Administration Console
. Product Policies do not tie to a specific project, and may include:
- Securing the controller
- Creating a new project (either through theNew Controllerdialog box, or through the Translator Tool utility)
- Updating firmware
Securable Actions perform specific tasks on a specific project or group of projects, and may include:
- Viewing a project
- Going online
- Creating tags
- Creating modules
- Creating, modifying, and deletingEquipment Phases andEquipment Sequences
Permission Sets configure:
- Security permissions for users, computers, or groups, including Guest User permissions that apply to one or more controllers.
- Restricted access to specific project components.
In a safety controller project, specify additional protection to safety components. For example, to create a safety program, have access granted for both of these securable actions:
- Safety: Modify Component
- Program: Create
The
Logix Designer
application: - Obtains security settings from theFactoryTalkNetwork Directory.
- Does not use RSSecurity Emulator, but other software that theLogix Designerapplication uses may require RSSecurity Emulator.
- Does not supportFactoryTalkLocal directory.
- Supports associating the project with a specificFactoryTalk DirectoryinFactoryTalk Services Platformversion 2.50 (SR5) or later.
Provide Feedback