Security for networks and devices is not working as expected

To avoid unexpected results, you must follow a set of rules and restrictions when configuring control hardware, before applying security settings through the Networks and Devices tree. Key points include:
  • When importing security settings for RSLogix 5000 devices from RSSecurity Server, you must edit security settings for the device in the Resource Editor. The imported devices do not necessarily appear in the Networks and Devices tree.
  • Control networks and drivers configured with identical names on multiple computers are displayed in the Networks and Devices tree on each computer. If the same physical networks and devices are configured with different names on multiple computers, the Networks and Devices tree on each computer shows only the devices configured from that computer.
  • Security applied to a control network or device on one computer is shared on other computers in the system, as long as all computers are configured to use the same network and device names.
  • Security applied to a network or device on one computer is not shared on other computers if different network or device names are used. This can cause a single device to have multiple security settings, with each setting specific to the computer where security was applied.
  • Security applied to a network or device identified by one network relative path is not shared with other paths if different network or device names are used. This can cause a single device to have multiple security settings on the same computer, with each setting specific to its relative path.
  • Control network security is shared only if all computers in the system are configured to use the same driver names. Security is not shared if different computers pointing to the same physical network use different driver names.
  • Control network security is shared if all computers in the system are configured to use the same driver names, even if the drivers point to different physical networks.
  • Control networks and devices inherit security permissions in the same way as other securable resources, which means that a device that can be reached from multiple paths can have multiple sets of security permissions. However, devices secured with logical names inherit from only the top of the Networks and Devices tree and above; they do not inherit security permissions from the hierarchy within the Networks and Devices tree. For example, a backplane does not inherit security permissions from its controller, and a controller does not inherit security permissions from its network.
  • Devices with identical defined logical names share security permissions across different computers and different control networks. For example, suppose Computer A can access a PLC-5 over an Ethernet network, while Computer B can access the same device over DH+. If an identical logical name is defined as an alias for the PLC-5 on both Computer A and on Computer B, then security configured for the device on one computer is shared on the other computer.
  • You must use logical names to configure security for RSLogix 5000 controllers. In FactoryTalk Administration Console, open the properties for each RSLogix 5000 controller displayed in the Networks and Devices tree and enter the device name, held in the controller, as a logical name. Repeat these steps on each computer on the network where you plan to configure security for control devices. Always create logical names for RSLogix 5000 controllers before configuring security.
  • Security settings do not transfer between network relative paths and defined logical names, and do not transfer from one logical name to another. If security is configured on a control device, and then later you define a logical name for the device, you must also re-create the security settings using the new name. The original security settings remain associated with the network relative path and do not transfer to the new name. Likewise, if you change the logical name associated with a control device, you must also re-create security settings using the new name. Security settings do not transfer between logical names.
  • If you remove a network or device from a resource grouping, the network or device inherits security settings differently than when it was a member of the resource grouping:
    • if the resource is not associated with a logical name, when you remove it from the resource grouping, the resource inherits security permissions from the Network Directory or Local Directory at the top of the tree in the Explorer, and then down through the System folder, the Networks and Devices folder, and the entire path of networks and devices, down to the resource itself.
    • if the resource is associated with a logical name, when you remove it from the resource grouping, the resource inherits security permissions from the logical name, the Networks and Devices folder, the System folder, and finally the FactoryTalk Network Directory or FactoryTalk Local Directory, skipping all levels in between.
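
The naming rules above can be checked before security is applied. The following is an added example, not FactoryTalk code or an API of the product: a simplified model that assumes security attaches to the logical name when one is defined and otherwise to the network relative path, run over a constructed, hand-collected inventory (computer names, serial numbers, driver names and paths are all hypothetical).

```python
from collections import defaultdict

# Constructed inventory, one row per way a computer reaches a device:
# (computer, device serial, network relative path, logical name or None)
INVENTORY = [
    # Same PLC-5 over Ethernet and DH+, identical logical name on both PCs.
    ("CompA", "SN-1001", "EtherNet_Line1/10.0.0.5", "Mixer_PLC5"),
    ("CompB", "SN-1001", "DHPlus_Line1/Node 3", "Mixer_PLC5"),
    # Same device, but the driver is named differently on each PC.
    ("CompA", "SN-2002", "EtherNet_Line1/10.0.0.9", None),
    ("CompB", "SN-2002", "ENET_Packaging/10.0.0.9", None),
    # Same driver name on both PCs, pointing at different physical networks.
    ("CompA", "SN-3003", "AB_ETH-1/192.168.1.20", None),
    ("CompB", "SN-4004", "AB_ETH-1/192.168.1.20", None),
]

def security_key(path, logical_name):
    """Name the settings attach to in this model (an assumption):
    the logical name if defined, otherwise the network relative path."""
    return ("logical", logical_name) if logical_name else ("path", path)

def audit(inventory):
    """Return (split, collided).

    split:    device -> several keys, so security set under one name
              is not shared with the others.
    collided: key -> several devices, so security set for one device
              is silently shared with a different physical device.
    """
    keys_by_device = defaultdict(set)
    devices_by_key = defaultdict(set)
    for _computer, serial, path, logical in inventory:
        key = security_key(path, logical)
        keys_by_device[serial].add(key)
        devices_by_key[key].add(serial)
    split = {d: sorted(k) for d, k in keys_by_device.items() if len(k) > 1}
    collided = {k: sorted(d) for k, d in devices_by_key.items() if len(d) > 1}
    return split, collided

if __name__ == "__main__":
    split, collided = audit(INVENTORY)
    for device, keys in split.items():
        print(f"{device}: security is split across {keys}")
    for key, devices in collided.items():
        print(f"{key}: one security setting covers {devices}")
```

A device listed under split needs either matching driver and device names on every computer or a common logical name; a key listed under collided means one of the identically named drivers should be renamed before security is configured.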