You are on page 1of 52

Contents

1 Structure of a user administration system ........................................ 1


1.1 Tasks of the User Administrator ................................................................ 2
1.2 Structure of the User Administrator ........................................................... 3
1.2.1 "File" menu ................................................................................................ 4
1.2.2 "User" menu .............................................................................................. 5
1.2.2.1 Adding a user ............................................................................................ 6
1.2.2.2 Copying a user .......................................................................................... 7
1.2.2.3 Adding a group .......................................................................................... 8
1.2.2.4 Deleting a user/group ................................................................................ 9
1.2.2.5 Changing the password........................................................................... 10
1.2.2.6 Web options............................................................................................. 11
1.2.2.7 How to change the name of a user or group........................................... 12
1.2.3 "Table" menu ........................................................................................... 13
1.2.3.1 Inserting an authorization ........................................................................ 14
1.2.3.2 Deleting an authorization......................................................................... 15
1.2.4 "Chipcard" menu...................................................................................... 16
1.2.5 "AddOns" menu ....................................................................................... 17
1.2.5.1 Variable Login.......................................................................................... 18
1.2.5.2 Assigning a computer to a tag................................................................. 19
1.2.5.3 Configuration ........................................................................................... 20
1.2.5.4 Assigning a user to a value ..................................................................... 21
1.2.6 Toolbar .................................................................................................... 23
1.2.7 Project window ........................................................................................ 24
1.2.7.1 Navigation window................................................................................... 25
1.2.7.2 Table window........................................................................................... 26
1.2.7.3 How to set an automatic logout for a user............................................... 28
1.2.7.4 How to activate the "Login Only Via Chipcard" function for a user ......... 29
1.2.8 Status bar ................................................................................................ 30
1.3 Procedures in User Administration.......................................................... 31
1.3.1 Overview of User Administration system structure ................................. 32
1.3.2 Selecting an authorization in other editors .............................................. 33
1.3.3 Operation during runtime......................................................................... 34
1.4 WinCC options for the User Administrator .............................................. 35
1.4.1 Extended "Chipcard" menu ..................................................................... 36
1.4.1.1 How to set the interface for the chipcard reader ..................................... 37
1.4.1.2 How to write to a chipcard ....................................................................... 38
1.4.1.3 How to check a chipcard ......................................................................... 39
1.4.2 Chipcard reader during runtime............................................................... 40
1.5 Overview of the Authorizations................................................................ 41
1.5.1 Standard authorizations .......................................................................... 42
1.5.2 PCS7 user hierarchies ............................................................................ 45
1.5.3 System authorizations ............................................................................. 47

www.cadfamily.com
Printout of theEMail:cadserv21@hotmail.com
Online Help i
The document is for study only,if tort to your rights,please inform us,we will delete
Contents 03.04

www.cadfamily.com
ii EMail:cadserv21@hotmail.com Printout of the Online Help
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1 Structure of a user administration system

Functional principle

The "User Administrator" editor is used to set up a user administration system. The
editor is used to assign and check authorizations which allow users to access the
individual editors of the configuration system and to access the functions during
runtime. Access rights to WinCC functions, the "authorizations", are assigned in the
User Administrator. These authorizations can be assigned to individual users or to
user groups. Authorizations can also be assigned during runtime.
When a user logs on to the system, the User Administrator checks whether the
user is registered. If the user is not registered, he has no authorizations
whatsoever. This means that he cannot call up or view data, or perform control
operations.
If a registered user calls up a functionality protected by access authorization, the
User Administrator checks whether the user has the appropriate authorization to
permit this. If not, the User Administrator denies access to the desired functionality.
The User Administrator also provides the configuration functions for the "Variable
Login" function which allows a user to log on to the workstation by means of a tag
value which is set using a key-operated switch, for example. The automatic logout
of a user after a certain time is also configured in the User Administrator.
If the WinCC "Chipcard" option is installed, the User Administrator provides
functions for maintaining chipcards.

Restrictions in the User Administration system

Object Maximum number


Authorizations 999
Users 128
User groups 128
Ranges 256

Printout of the Online Help 1


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.1 Tasks of the User Administrator

Introduction

The User Administrator is divided into two components for assigning and
maintaining user authorizations.
• Configuration system
• Runtime system

Configuration system

Users and authorizations are maintained in the User Administrator configuration


system. In this system new users are entered, passwords assigned, and
authorizations are maintained in a table.

Runtime system

The principal task of the User Administrator runtime system is to monitor the
system logins and access authorizations.

2 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.2 Structure of the User Administrator

Introduction

The user interface of the "User Administrator" editor consists of:


• menu bar
• toolbar
• multi-segment project window
• and status bar.

Printout of the Online Help 3


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.2.1 "File" menu

Introduction

Functions for project documentation and file management are combined in this
menu.

Printing project documentation

Use the "Print Project Documentation" command to print the configured user
administration data on the set printer. The page layout "@UACS.RPL", which can
be modified with the "Report Designer", is used as a template for the printout.
The printed data is dependent on the page layout used.

Viewing project documentation

Use the "View Project Documentation" command to preview the project


documentation.

Setting up project documentation

The "Project Documentation - Setup" command is used to configure the printer and
page layout to be used.

Note:
Further information on printing project documentation can be found in the chapter
"Working with WinCC" under "Documentation of the Configuration and Runtime
Data".

4 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.2.2 "User" menu

Introduction

The "User" menu contains all the items needed to set up new users or groups. You
can group users that have or will receive the same authorizations. Those users will
then receive the same authorizations as the rest of the group. This way, you can
avoid having to assign the same authorizations within a group manually.

Printout of the Online Help 5


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.2.2.1 Adding a user

Introduction

Use the "Add User" menu item in the "User" menu to add a new user to the
selected group.

Procedures

Procedure
1 In the project navigation window, select the group to which you want to add
a new user.
2 Select "Add User" in the "User" menu or the associated context menu. The
"Add New User" dialog appears.

3 Enter the login name in the "Login" field.


4 Enter the new password in the "Password" field. To confirm, re-enter the
new password in the "Verify Password" field.
5 Select the "Copy Group Settings Also" checkbox if the authorizations for the
group in which you have added the new user are also to apply to the new
user.
6 Close the dialog by clicking the "OK" button.
7 Assign the desired authorizations to the new user.

Note:
A user name can only be assigned once.

6 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.2.2.2 Copying a user

Introduction

Use the "Copy User" menu item in the "User" menu to copy the selected user with
all associated settings.

Procedures

Procedure
1 In the project navigation window, select the group to which you want to add
a new user.
2 Select "Add User" in the "User" menu or the associated context menu. The
"Copy User ..." dialog appears.

3 Enter the login name in the "Login" field.


4 Enter the new password in the "Password" field". To confirm, re-enter the
new password in the "Verify Password" field.
5 Close the dialog by clicking the "OK" button.
6 Assign the desired authorizations to the new user.

Note:
A user name can only be assigned once.

Printout of the Online Help 7


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.2.2.3 Adding a group

Introduction

Use the "Add Group" menu item in the "User" menu to add a new group. There are
no subgroups.

Procedures

Procedure
1 Select "Add Group" in the "User" menu or the associated context menu. A
new group is created in the project navigation window. A text window with
cursor appears next to the group icon.

2 Enter the name of the new group and then press the Enter key.
3 Assign the desired authorizations to the new group.

Note:
A group name can only be assigned once.

8 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.2.2.4 Deleting a user/group

Introduction

Use the "Delete User/Group" menu item to delete the selected user or group.

Procedures

Procedure
1 In the project navigation window, select the user or group to be deleted.
2 Select "Delete" in the "User" menu or the associated context menu. A dialog
appears in which you must confirm the deletion process.
3 Confirm by clicking the "OK" button.

Printout of the Online Help 9


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.2.2.5 Changing the password

Introduction

Use the "Change Password" menu item in the "User" menu to assign a new
password to the selected user. The password must be between 6 and 24
characters in length.

Procedures

Procedure
1 In the project navigation window, select the user to whom you want to
assign a new password.
2 Select "Change Password" in the "User" menu or the associated context
menu. The "Change Password" dialog appears.

3 Enter the old password in the "Password" field.


4 Enter the new password in the "New Password" field. To confirm, re-enter
the new password in the "Verify Password" field.
5 Close the dialog by clicking the "OK" button.

Note:
The abbreviated login name of the user is shown in the dialog (max. 22
characters).

10 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.2.2.6 Web options

Introduction

Select this menu item to set the "Web Navigator" checkbox in the table window and
to display the "Web Options" area.
The web options are described in more detail under "Table window".

Printout of the Online Help 11


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.2.2.7 How to change the name of a user or group

Introduction

You can change the name of a user or a group. Changing the name does not affect
the password for the user or group.

Procedures

Procedure
1 In the project navigation window, select the user to whom you want to assign
a new name.
2 Click the left mouse button on the user name. The name now appears in a
text window with cursor.
3 Enter the new name.
4 Confirm the new name by pressing the Enter key.

Note:
The user or group name can only be assigned once.

12 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.2.3 "Table" menu

Introduction

Use the "Table" menu to change or expand the user rights in the table window. It is
not possible to delete the "User Administrator" authorization. It is permanently set
for members of the "Administrator" group.

Printout of the Online Help 13


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.2.3.1 Inserting an authorization

Introduction

Use the "Insert Authorization" command to insert a line with a new authorization
into the table of the table window.

Procedures

Procedure
1 Select "Insert Authorization" in the "Table" menu. The "Insert Line" dialog
appears.
2 In the dialog, enter the line number of the new authorization. By default the
field contains the next free number.
3 Close the dialog by clicking the "OK" key.
4 In the new line, activate the "Function" column by double-clicking and enter
the name of the new authorization.
5 Confirm the new name by pressing the Enter key.
6 Assign the new authorization to the desired users.

Note:
A new authorization can be assigned to all users and not only to the user which
was selected when the authorization was created.

14 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.2.3.2 Deleting an authorization

Introduction

Use this command to delete a line in the table of authorizations.


Authorizations can only be deleted in the configuration system.

Procedures

Procedure
1 In the table window, select the line containing the authorization to be
deleted.
2 Select the "Delete Authorization" menu item in the "Table" menu. A dialog
appears in which you must confirm the deletion procedure.
3 Confirm by clicking the "OK" button.

Note:
The system does not allow certain authorizations to be deleted.
Deleted authorizations are lost for all entered users.

Printout of the Online Help 15


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.2.4 "Chipcard" menu

Introduction

This menu contains functions for the "Chipcard" option.


The menu can only be activated if the WinCC "Chipcard" option is installed and
the WinCC project is not in runtime.
The menu is described under "Extended Chipcard menu".

16 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.2.5 "AddOns" menu

Introduction

This menu contains additional functions.

Printout of the Online Help 17


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.2.5.1 Variable Login

Introduction

The "Variable Login" function assigns a tag value to a certain user. This user can
then log on to a workstation during runtime by setting the tag value, e.g. by means
of a key-operated switch.
This function is configured by following the steps below:
1. Assign an operating station to a configured tag ("Assigning Computer to Tag"
dialog)
2. Determine the minimum and maximum values of the value range which is to be
used for the "Variable Login" function ("Configuration" dialog)
3. Assign a certain tag value to a certain user ("Assigning User to Value" dialog)
On completion of his work, the user can log out again by setting the tag value to a
configurable logout value.
If a user is logged on at the system by means of "variable login", it is not possible
to log on at the same computer using the user dialog.
Assigning a computer to a tag
Configuration
Assigning a user to a value

18 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.2.5.2 Assigning a computer to a tag

Introduction

Select the "Assign Computer" menu item to open a dialog in which a computer for
the project can be assigned to a configured tag.
Each computer can be assigned to a different tag or all computers can be assigned
to the same tag.
The used tag must be "binary" or 8, 16 or 32 bit.

Name Description
"Computer" field Used to select a computer.
All computers for a project are displayed.
"Tag" field Here a tag name can be entered directly or selected in the
tag selection dialog.

Printout of the Online Help 19


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.2.5.3 Configuration

Introduction

Select the "Configuration..." menu item to open a dialog in which a value range can
be defined. A tag value within this range can be assigned to a user in the
"Assigning User to Value" dialog.

Name Description
"Minimum Value" field Defines the minimum tag value.
Value range: 0 - 32767
"Maximum Value" field Defines the maximum tag value.
The entered value must be greater than the minimum
value.
Value range: 1 - 32768

20 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.2.5.4 Assigning a user to a value

Introduction

Select the "User Assignment..." menu item to open a dialog in which a tag value is
assigned to a certain user.
If a user was already selected in the User Administrator before the dialog was
launched, the associated assignment is displayed in the dialog.

Name Description
"Value" field Used for selecting a value displayed in the table.
The selectable tag values are determined by the setting
in the "Configuration" dialog.
"User" field A user created in the User Administrator can be selected
here.
"Assign" button When a selection has been made in the "Value" and
"User" fields, this button assigns the user to the value
and displays the assignment in the table.
"Delete" button Deletes an assignment selected in the table.
"Value - User" table Shows the selectable tag values ("Configuration" dialog)
and the existing assignments to the users.

Printout of the Online Help 21


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

Note:
Each user can only be assigned to one tag value.
A "user" in the User Administrator can also be configured to represent a user
group or a function, e.g. "Maintenance" or "Fault" user.

22 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.2.6 Toolbar

Introduction

The symbols in the toolbar allow you to perform actions more quickly. You do not
have to make several selections through the menus until you reach the required
function.

Symbol Description
"User" "Add User"

"Group" "Add Group"

"User" "Copy User"

"User" "Delete User/Group"

"User" "Change Password"

"What's This?"

"Web Navigator"

Printout of the Online Help 23


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.2.7 Project window

Introduction

The user administration data is displayed in the project window. The window
consists of:
• the navigation window (left)
• and the multi-segment table window (right).

24 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.2.7.1 Navigation window

Navigation window

The navigation window contains a tree structure showing the configured groups
and the associated registered users. The selected user name is displayed in the
field above the navigation window. The "User" menu can be opened as a context
menu for the selected user or user group.

Printout of the Online Help 25


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.2.7.2 Table window

Introduction

In the table window, the login name and the associated settings are displayed for
the selected user and group.

"Login Only Via Chipcard" checkbox

If a user is to be able to log in by means of his chipcard only, this can be set by
activating the "Login Only Via Chipcard" checkbox.

Note:
The "Login Only Via Chipcard" checkbox is displayed if the WinCC "Chipcard"
option has been installed. A chipcard reader does not have to be connected to the
configuration computer. As a result, it is possible to set up the "Chipcard" function
and use it on other WinCC computers without a card reader needing to be
available during configuration.

"Automatic Logout" area

If the automatic logout function is to be activated for the selected user, the time and
starting point for this time can be entered in this area. The automatic logout
prevents unauthorized persons having unlimited access to the system.
If "0" is entered in the input field, the function is deactivated and the user remains
logged in until the system is shut down or another user logs in.
If the "Absolute Time" option button is set, the configured time for the automatic
logout begins to run down when the user logs in, regardless of whether control
operations are performed by the user in the meantime.
If the "Idle Time" option button is set, the configured time begins to run down from
the point at which the user last performed a keyboard or mouse operation. The
automatic logout only occurs after this pause in operator control.
When a user has been logged out automatically, the same or a different user can
log in during runtime.

"Web Navigator" checkbox and "Web Options" area

If the checkbox is set, the "Web Options" area is displayed. In this area, the
settings for the start screen and language are configured and then applied if the
user dials into the WinCC project from the web. Only images which are available
on the Web Navigator can be selected as the start screen.
The checkbox can also be activated using the "Web Navigator" button in the
toolbar.

Authorizations table

The lower part of the table window shows the configured authorizations. Each line
contains one authorization.

26 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

The number of displayed authorizations depends on the installed options, e.g. the
"Basic Process Control" option.
Authorizations with the numbers 1000 - 1099 are system authorizations which
cannot be set, modified, or deleted by the user.
Authorization 1 "User Administration" is set by default for users in the
"Administrator" group. This authorization cannot be deleted.
In the "Unlock" column, an authorization can be assigned to the selected user by
double-clicking in the desired line.
Each authorization must be assigned separately. Multiple authorizations can only
be transferred according to the group assignment when you add a new user to a
group. The table can be edited by selecting the "Table" menu item.

Printout of the Online Help 27


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.2.7.3 How to set an automatic logout for a user

Introduction

If the "Automatic Logout" function is set, a logged-in user can be logged out
automatically after a definable time. This prevents unauthorized persons from
having unlimited access to the system following control operations by the currently
logged-in user.
If "0" is entered in the input field, the function is deactivated and the user remains
logged in until the system is shut down or another user logs in.
If the "Absolute Time" option button is set, the configured time for the automatic
logout begins to run down when the user logs in, regardless of whether control
operations are performed by the user in the meantime.
If the "Idle Time" option button is set, the configured time begins to run down from
the point at which the user last performed a keyboard or mouse operation. The
automatic logout only occurs after this pause in operator control.
When a user has been logged out automatically, the same or a different user can
log in during runtime.

Procedures

Procedure
1 In the project navigation window, select the group or user for which you want
to configure the "Automatic Logout" function.
2 In the input field in "Automatic Logout" section of the table window, enter the
time in minutes after which the system is no longer to permit process control
and the user is to be logged out.
3 The "Absolute Time" option button is set by default. Activate the "Idle Time"
option button if the time after which the automatic logout is to be performed
is to begin running down from the point at which the user last performed a
keyboard or mouse operation.

28 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.2.7.4 How to activate the "Login Only Via Chipcard" function for a user

Introduction

If a user is to be able to log in using his chipcard only, this can be set in the User
Administrator by activating the "Login Only Via Chipcard" function.

Note:
The "Login Only Via Chipcard" checkbox is displayed if the WinCC "Chipcard"
option has been installed. In addition, the "Terminal Active" option must also be
activated in the "WinCC Chipcard Terminal" component in the Control Panels of
Windows.
A chipcard reader does not have to be connected to the configuration computer.
As a result, it is possible to set up the "Chipcard" function and use it on other
WinCC computers without a card reader needing to be available during
configuration.

Procedure

Procedure
1 In the project navigation window, select the user for which the "Login Only
Via Chipcard" function is to be activated.
2 In the table window, activate the "Login Only Via Chipcard" checkbox.

Printout of the Online Help 29


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.2.8 Status bar

Introduction

The left side of the status bar contains general program information.
The fields on the right side provide information on keyboard settings.

30 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.3 Procedures in User Administration

Introduction

This chapter outlines the structure of a user administration system and how to use
authorizations.

Printout of the Online Help 31


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.3.1 Overview of User Administration system structure

Introduction

The following basic steps are necessary to set up a user administration system:
1. Add the required groups.
2. Select the appropriate authorizations for the groups.
3. Add the users and assign the respective login names and passwords. The
properties of the group can be copied when new users are added. In this case, it is
advisable to assign the users to groups with authorizations which you want the
users to have.
4. Select the specific authorizations for the various users. It is also possible to set a
time here after which the system is to automatically log out the user in order to
protect the system from unauthorized entries. It can also be determined whether
the user should be able to log in by means of the chipcard only and which user-
specific settings apply if the user should dial into the system from the web.
The data is applied without being stored.

32 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.3.2 Selecting an authorization in other editors

Introduction

If you want to assign an authorization in a different editor, e.g. an attribute of an


object, the following dialog appears.

The authorizations are displayed in numerical order. If you select an authorization


here, the function or control operation will be unlocked during runtime only for
users who have the appropriate authorization.
You can open the dialog in various ways, e.g. by means of the "Authorization"
attribute in the properties for an option button in the Graphics Designer.

Printout of the Online Help 33


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.3.3 Operation during runtime

Introduction

The following steps are necessary for a user to log in during runtime:
1. Start the runtime system.
2. Now open the password dialog using the shortcut keys for "Login" defined in
the WinCC Explorer (Project Properties - Hotkey tab).
3. Enter your login name and the password in the dialog.
The system checks the authorizations you have been assigned with those of the
editors and the installed components. If the authorizations match, the system
unlocks the editors and components so that they can be used.

Note:
If a large number of authorizations have been assigned to a user, i.e. around the
maximum number of 999 authorizations per user, several minutes may be
required to log in the user.

34 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.4 WinCC options for the User Administrator

Introduction

Installing WinCC together with the options will extend the functionality of the User
Administrator.
• The OS Project Editor in the "Basic Process Control" option changes the
number and function of the authorizations in the table window. The
authorizations then correspond to the PCS7 user hierarchies.
• The "Chipcard" option inserts the "Chipcard" item together with the associated
functions in the menu bar and the "Login Only Via Chipcard" checkbox can
then be activated in the table window.

Printout of the Online Help 35


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.4.1 Extended "Chipcard" menu

Introduction

The User Administrator provides functions for controlling a chipcard reader. You
can write to and check chipcards in the configuration system. The "Chipcard" menu
is deactivated during runtime.

Requirements

The following requirements must be met before WinCC with the "Chipcard" option
can be used:
• the "Chipcard" option must be installed and
• an interface (e.g. COM1 or COM2) must be assigned to the chipcard reader.
When these requirements have been met, the "Chipcard" menu becomes available
and the "Login Only Via Chipcard" checkbox is displayed in the table window.

Note:
No Windows Administrator rights are required to write to and check chipcards in
the configuration system or to use the chipcards during runtime.
To be able to write to and read a chipcard, the hardware connection between the
chipcard reader and computer must be connected before the computer is started.

36 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.4.1.1 How to set the interface for the chipcard reader

Introduction

An interface on the WinCC computer must be assigned before a chipcard


reader/writer can be used in WinCC.
An interface must also be assigned to activate the "Chipcard" menu in the User
Administrator. Further requirements can be found under "Extended Chipcard
menu".
If the User Administrator is opened again after the interface has been set, the
"Chipcard" menu is activated in the menu bar.
If the "Terminal Disabled" option button is activated in the "WinCC Chipcard
Terminal Configuration" dialog (Control Panels), the "Chipcard" menu is
deactivated when the User Administrator is opened again.

Note:
The current Windows user must have administrator rights in Windows to be able
to access the "WinCC Chipcard Terminal Configuration" dialog.

Procedures

Procedure
1 Open the "WinCC Chipcard Terminal" icon in the Control Panels of
Windows. The "WinCC Chipcard Terminal Configuration" dialog appears.

2 Activate the "Terminal active" option button.


3 Select the desired interface in the "Connection" field.
4 Close the dialog by clicking the "OK" button.

Printout of the Online Help 37


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.4.1.2 How to write to a chipcard

Introduction

When a chipcard is written, all of the data on the card is deleted. The user (login
name) and the password are stored on the card.

Procedures

Procedure
1 Select "Write To Chipcard" in the "Chipcard" menu. The "Write To Chipcard"
dialog appears.

2 Select the desired user in the "Write Card for User" field.
3 Activate the "Additional Manual Password Also Required" checkbox if this
condition is to be applied when logging in during runtime.
4 Insert the chipcard into the chipcard reader.
5 Click the "Write To Card" button. The User Administrator transfers the data
to the chipcard.
6 Close the dialog by clicking the "Close" button.

Note:
To be able to write to and read a chipcard, the hardware connection between the
chipcard reader and computer must be connected before the computer is started.

You can only activate this menu item if WinCC was installed with the "Chipcard"
option. Further requirements can be found under "Extended Chipcard menu".

38 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.4.1.3 How to check a chipcard

Introduction

This function is used to read a chipcard. It allows the data on the chipcard to be
checked if, for example, the card has just been written or a reading error has
occurred.
The login name stored on the card is displayed in the "User" field. If the login name
already exists in the User Administrator, the text "Card valid" appears in the dialog.
If the name does not exist, the text "Card invalid" is displayed.
If there is an error when reading the chipcard, it is noted in this dialog. No user
name is provided.

Procedures

Procedure
1 Insert the chipcard into the chipcard reader.
2 Select "Check Chipcard" in the "Chipcard" menu. The "Check Chipcard"
dialog appears.

3 The result of the check is displayed.


4 Close the dialog by clicking the "Close" button.

Note:
To be able to write to and read a chipcard, the hardware connection between the
chipcard reader and computer must be connected before the computer is started.

You can only activate this menu item if WinCC was installed with the "Chipcard"
option. Further requirements can be found under "Extended Chipcard menu".

Printout of the Online Help 39


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.4.2 Chipcard reader during runtime

Introduction

To log into WinCC, the user inserts his chipcard into the chipcard reader and the
required data is read out. If the chipcard is inserted, it is not possible to log on at
the system manually. The user remains logged on at the system until he removes
the card from the chipcard reader. The "Automatic Logout" function whereby the
user is logged out automatically after a set time is only possible in conjunction with
chipcard operation.

Note:
The "Chipcard" menu is deactivated during runtime since the functions can only
be used in the configuration system.

40 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.5 Overview of the Authorizations

Introduction

This chapter provides an overview of the authorizations of the User Administrator.

Printout of the Online Help 41


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

1.5.1 Standard authorizations

Introduction

When the User Administrator is opened for the first time, the table window contains
certain default authorizations.
The authorizations in the table can be deleted or modified, except for the "User
Administration" authorization.
Authorizations with a lower number are not contained in authorizations with higher
numbers, but instead each authorization functions independently.
A member of the "Administrator Group" always receives access to the "User
Administration" authorization.
The standard authorizations are assigned in the configuration system, but are only
effective during runtime. This prevents a logged-in user from receiving unlimited
access to all system areas during runtime.

Note:
The names of the authorizations indicate what kind of influence the corresponding
authorization should have, but not how you actually use them.

The authorizations are preset by WinCC as follows:

No. 1: User administration

This authorization grants the user access to the User Administration.


If this authorization is set, the user can call up the User Administrator and make
changes.

No. 2: Value input

This authorization enables the user to enter values manually, e.g. into I/O fields.

No. 3: Process controlling

This authorization enables the user to perform control operations, e.g.


manual/automatic switchover.

No. 4: Picture editing

This authorization enables the user to change pictures and picture elements (e.g.
via ODK).

No. 5: Change picture

42 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

This authorization enables the user to trigger a picture change and thus open
another configured picture.

No. 6: Window selection

This authorization enables the user to change the application windows in Windows.

No. 7: Hardcopy

This authorization enables the user to make a hardcopy of the current process
screen.

No. 8: Confirm messages

This authorization enables the user to confirm messages.

No. 9: Lock messages

This authorization enables the user to lock messages.

No. 10: Unlock messages

This authorization enables the user to unlock (free) messages.

No. 11: Message editing

This authorization enables the user to change messages in Alarm Logging (e.g. via
ODK).

No. 12: Start archive

This authorization enables the user to start an archiving process.

No. 13: Stop archive

This authorization enables the user to stop an archiving process.

No. 14: Edit archive values

This authorization enables the user to configure the evaluation process for the
archive tags.

No. 15: Archive editing

This authorization enables the user to control or change the archiving process.

Printout of the Online Help 43


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

No. 16: Action editing

This authorization gives the user the right to execute and change scripts (e.g. via
ODK).

No. 17: Project manager

This authorization grants the user access to the WinCC Explorer.

44 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.5.2 PCS7 user hierarchies

Introduction

These user authorizations correspond to the user hierarchies from PCS7 and are
available after the wizard in the OS Project Editor ("Basic Process Control" option)
has been activated.
Authorizations can be added, deleted or their names be changed in the
configuration system. Authorizations with a lower number are not contained in
authorizations with higher numbers, but instead each authorization functions
independently.
The following preset authorizations cannot be deleted or changed:

No. 1: User administration

If this authorization is set, the user can call up the User Administrator and make
changes.

No. 2: Authorization for area

If this authorization is set, the user can select pictures from the specified system
areas.

No. 3: System change

If this authorization is set, the user is granted the right to make status changes, e.g.
to deactivate the runtime system.

No. 4: Monitoring

If this authorization is set, the user can monitor - but not control - the process, e.g.
selection of the batch visualization.

No. 5: Process controlling

If this authorization is set, process controlling can be performed.

No. 6: Higher process controlling

If this authorization is set, the user is permitted to perform control operations which
have permanent effects on the process, e.g. modifying the limit values of a
controller.

No. 7: Report system

Printout of the Online Help 45


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

If this authorization is set, the user can trigger reports or edit the layout in the
Report Designer runtime.

No. 8: Archive controlling

If this authorization is set, the user can control the functions of Storage.

46 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Structure of a user administration system

1.5.3 System authorizations

Introduction

The authorizations from 1000 to 1099 are system authorizations. They are
generated automatically by the system and cannot be created, modified, or deleted
by the user. However, the system authorizations, like any other authorization, can
be assigned to a user.
The system authorizations are effective in the configuration system and during
runtime. In the configuration system, this prevents a user who is not registered in a
project from being granted access to the project, e.g. a server project.
The authorizations mean:

No. 1000: Activate remote

If set, the user can start or stop the runtime for this project from a different
computer..

No. 1001: Configure remote

If this item is set, the user can configure and make changes to the project from a
different computer.

No. 1002: Just monitor

If this item is set, the user can only open the project from a different computer; he
cannot make changes or perform control operations.

Printout of the Online Help 47


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Structure of a user administration system 03.04

48 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
03.04 Index

Index

A K
Action 42 Key-operated 17
Activate / deactivate remote 47
Archive 42
Archive controlling 42, 45 L
Authorization 26, 28, 29, 42, 45, 47
assigning 33 Login 34
deleting 15 during runtime 34
inserting 14 only via chipcard 26, 29
PCS7 user hierarchies 45 Login during runtime 34
selecting 33
standard authorizations 42
system authorizations 47 M
Authorization for area 45
Automatic logout 26, 28 Message 42
confirm 42
lock 42
unlock 42
C Monitoring 45, 47
Change 42
Chipcard 36, 37
checking 39 N
operation during runtime 40
writing to 38 Navigation 25
Computer
assigning 19
Configuration 20, 21 P
Configure remote 47 Password
changing 10
Picture 42
E Printing 4
Edit 42 Process 42, 45
Process controlling 47
Project 4, 42
Project documentation
G printing 4
Group setting up 4
adding 8 view 4
deleting 9

R
H Report 45
Hardcopy 42
Higher process controlling 45
S
Start archive 42

Printout of the Online Help Index-1


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete
Index 03.04

Status 30
Stop archive 42
System 45

T
Table 26, 28, 29
Toolbar 23

U
User 5, 32, 42, 45
adding 6, 7
assigning 21
deleting 9
User administration 47
User authorization 47
User/group
deleting 9

V
Value 42
Variable Login 17
assigning a computer 19
assigning a user 21
configuration 20, 21

W
WinCC Chipcard Terminal 36, 37
Window 42

Index-2 Printout of the Online Help


www.cadfamily.com EMail:cadserv21@hotmail.com
The document is for study only,if tort to your rights,please inform us,we will delete

You might also like