Siemens SIMATIC ET 200SP System Manual page 134

Protection
8.2 Configuring access protection for the CPU
Access levels of the CPU
Table 8- 1
Access levels
Full access (no
protection)
Read access
HMI access
No access
(complete pro-
tection)
Each access level allows unrestricted access to certain functions without entering a
password, for example, identification using the "Accessible devices" function.
The CPU's default setting is "No restriction" and "No password protection". In order to protect
access to a CPU, you need to edit the properties of the CPU and set up a password. In the
default access level "Full access (no protection)" every user can read and change the
hardware configuration and the blocks. A password is not set and is also not required for
online access.
The access level of the CPU does not restrict communication between the CPUs (via the
communication functions in the blocks) unless PUT/GET communication is deactivated.
Entry of the right password allows access to all the functions that are allowed in the
corresponding level.
Note
Configuring an access level does not replace know-how protection
Configuring access levels offers a high degree of protection against unauthorized changes to
the CPU by restricting the rights to download the hardware and software configuration to the
CPU. However, blocks on the SIMATIC memory card are not write- or read-protected. Use
know-how protection to protect the code of blocks on the SIMATIC memory card.
134
Access levels of the CPU
Access restrictions
Any user can read and change the hardware configuration and the blocks.
With this access level, read-only access to the hardware configuration and the
blocks is possible without entering a password, which means you can download
the hardware configuration and blocks to the programming device. In addition, HMI
access and access to diagnostics data is possible.
Without entering the password, you cannot load any blocks or hardware configura-
tion into the CPU. Additionally, the following are not possible without the pass-
word:
Writing test functions
•
Firmware update (online)
•
With this access level only HMI access and access to diagnostics data is possible
without entering the password.
Without entering the password, you can neither load blocks nor the hardware
configuration into the CPU, nor load blocks and hardware configuration from the
CPU into the programming device. Additionally, the following are not possible
without the password:
Writing test functions
•
Changing the mode (RUN/STOP)
•
Firmware update (online)
•
No read or write access to the hardware configuration and the blocks is possible if
the CPU is completely protected. HMI access is also not possible. The server
function for PUT/GET communication is disabled in this access level (cannot be
changed).
Authentication with the password will again provide you full access to the CPU.
Distributed I/O system
System Manual, 12/2015, A5E03576849-AF