Rockwell Automation Allen-Bradley Logix5000 Programming Manual
Controllers security
Hide thumbs
Also See for Allen-Bradley Logix5000:
- Programming manual (32 pages) ,
- Programming manual (30 pages) ,
- Quick start manual (54 pages)
Related Manuals for Rockwell Automation Allen-Bradley Logix5000
Summary of Contents for Rockwell Automation Allen-Bradley Logix5000
- Page 1 Programming Manual Logix5000 Controllers Security Catalog Numbers 1756 ControlLogix, 1769 CompactLogix, 1789 SoftLogix, PowerFlex 700S with DriveLogix...
- Page 2 If this equipment is used in a manner not specified by the manufacturer, the protection provided by the equipment may be impaired. In no event will Rockwell Automation, Inc. be responsible or liable for indirect or consequential damages resulting from the use or application of this equipment.
- Page 3 Change Reordered sections on source keys Applying source protection page 34 through Source key file page 40 Added information on License-Based Configuring source protection in the Source Protection Logix Designer application page 33 Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
-
Page 5: Table Of Contents
Apply License protection to a component .......... 44 Protect components with Licenses ..........44 Apply License Protection to one or more components ....46 Share License privileges with other users on your network ..47 Rockwell Automation Publication 1756-PM016H-EN-P - March 2015... - Page 6 Securing a ControlLogix controller with the Logix CPU Security Tool controller ......................55 Accessing a secured controller............59 Removing security from a controller with the CPU Security Tool ....................... 62 Removing a password ..............64 Index Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
-
Page 7: Summary Of Changes
The Studio 5000® environment is the foundation for the future of Rockwell Automation® engineering design tools and capabilities. The Studio 5000 environment is the one place for design engineers to develop all elements of their control system. -
Page 8: Additional Resources
Rockwell Automation™ sales representative. Copyright Notice Legal notices © 2015 Rockwell Automation, Inc. All rights reserved. Printed in USA. This document and any accompanying Rockwell Software products are copyrighted by Rockwell Automation, Inc. Any reproduction and/or distribution without prior written consent from Rockwell Automation, Inc. is strictly prohibited. - Page 9 SE, Logix5000, Logix Designer, RSLinx Classic, Rockwell Software Security Emulator, RSLogix 5000, and Studio 5000 are trademarks of Rockwell Automation, Inc. Any Rockwell Automation software or hardware not mentioned here is also a trademark, registered or otherwise, of Rockwell Automation, Inc. Other Trademarks...
- Page 10 Preface Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
-
Page 11: Security
For more information about Data Access Control, see the Logix5000 Controllers I/O and Tag Data Programming Guide. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015... -
Page 12: Factorytalk Security
FactoryTalk Security. In the FactoryTalk architecture, there are two separate Directory types, Local and Network. A FactoryTalk Local directory is sometimes utilized when all the Rockwell Automation Software products run on a single computer. Use the Local FactoryTalk Directory for products such as FactoryTalk®... -
Page 13: Configuring Factorytalk Security With Logix Designer Application
20 or later, and the security commands are available, skip to step 5 below. If you are using RSLogix 5000 version 19 or earlier, you need to use SetSecKeys to enable security. Follow the instructions below. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015... - Page 14 Directory. RSSecurity Emulator is not required and the FactoryTalk Local Directory is not supported. c. If prompted to log on to FactoryTalk, type your FactoryTalk user name and password, and then click OK. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
-
Page 15: Installing Factorytalk Services Platform Software
Factory Talk Directory files to a previous software version. After the installation is complete, refer back to Enabling security page If you are having problems, refer to the FactoryTalk Security System Configuration Guide. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015... - Page 16 If prompted to Log On to FactoryTalk, type your FactoryTalk User name and Password, and then click OK. In the example below, the FactoryTalk Directory (FTD) was configured with an account called FTADMIN. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 17 Name field. By default, this is the name of the ACD file that you use later when applying security to a controller resource page 22 in the FactoryTalk Administration Console. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 18 5. Click the Security tab or the Advanced tab, depending on the version of the application, to configure the security settings. Click the Security tab if it appears in the Controller Properties dialog box. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 19 FactoryTalk Services Platform 2.50 or later and a version of the application that supports associating a project with a specific Security Authority. c. For information about the parameters on the Security tab, click the Help button. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 20 When you select a security authority for a project, Important: you can only access the project and any controller that contains it when you have been granted access in FactoryTalk Security. 7. Save the project file. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 21 8. On the menu bar, click Communications, and then click Who Active to download the project file to the controller. 9. In the Who Active window, locate and click the controller resource. 10. Click Download to continue. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
-
Page 22: Applying Security To A Controller Resource
The following steps show configuring a single controller for security. When Applying security to managing large numbers of users and controllers, Rockwell Automation a controller recommends that you group users with user groups, group permissions with action groups, and use the Resource Grouping method to secure your resource resources to simplify administration of permissions. - Page 23 FTADMIN. 4. Go to the controller resource the secured project file was downloaded to. From the Explorer window, expand Networks and Devices to find the controller you want to configure. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 24 Controller Properties dialog box made during the Securing a Logix Designer application project file page 16 section. You can also type the controller name if the name does not appear in the list. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 25 RSLinx Classic to display controllers. Once the path information is updated in RSLinx Classic, open the FactoryTalk Administration Console and right-click Network and Devices tree and then click Refresh. 7. Click OK to continue. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 26 This completes the FactoryTalk Security configuration for a controller resource. For more FactoryTalk Security information, refer to the FactoryTalk Security System Configuration Guide. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
-
Page 27: Migrating From A Security Server Database To A Factorytalk Server
Follow these steps to import a security server database into FactoryTalk Importing a security Security. server database 1. Click the Start button, then click All Programs, then click Rockwell Software, then click FactoryTalk Tools, and then click Import RSSecurity Configuration. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015... - Page 28 Click OK. 3. Click Yes for the FactoryTalk Security Import warning message. 4. In the Log on to Factory Talk dialog box, type your User name and Password and then click OK. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 29 FactoryTalk and then click OK. 6. In the Import Issue Resolution dialog box, resolve any issues that occurred during the import, and then click Continue. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 30 7. In the FactoryTalk Security Resource Group Import dialog box, right-click the group you want to import and then click Add Area. 8. Browse to the resource location and click OK. 9. Click OK. The import succeeded message appears. 10. Click OK. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
-
Page 31: Importing Status Text File
This image shows an example of the Import Status text file that is created when an import is completed. Organizer import result This graphic shows the results of the import process in the Explorer. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015... - Page 32 Migrating from a security server database to a FactoryTalk server Chapter 3 Resource Editor This image shows the results of the import in the Resources Editor. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
-
Page 33: Configuring Source Protection In The Logix Designer Application
Write down the source keys or make a copy of the sk.dat file and Important: option store in a secure location before deleting the sk.dat file. 1. Open the protected project. 2. Click Tools > Security > Configure Source Protection. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015... -
Page 34: Apply Source Key Protection To A Component
Specify a Source Key file and location Follow these steps to configure a source key file location. 1. Open an offline project file. 2. On the menu bar, click Tools > Security > Configure Source Protection. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015... - Page 35 5. In the Browse for Folder dialog box, click the folder to store the key file, and click OK. You can save the key file in any accessible folder. In this example the path to the key file folder is C:\RSLogix 5000\Projects folder. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
-
Page 36: Protect Components With Source Keys
Component Properties - All controls on the dialog boxes of the components are read-only. Search and Replace - Find All is the only available search type source. Find Next, Replace All, and Replace Next skip the protected Rockwell Automation Publication 1756-PM016H-EN-P - March 2015... - Page 37 0-9, and an underscore character ( _ ). You can enter uppercase A-Z characters in RSLogix 5000 software or in the source key file, but the uppercase characters are converted to lowercase. Source keys are limited to 40 characters in length. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 38 1. Open an offline project file. 2. On the menu bar, click Tools > Security > Configure Source Protection. 3. In the Source Protection Configuration dialog box, select one or more components that require protection, and click Protect. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 39 Show Source Key check box. 7. If you want to apply a source key name, type the name in Source Key Name. Do not exceed 40 characters. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 40 We recommend that you write down your source keys or back up and store the sk.dat file in a secure location. If necessary, the individual keys can be distributed or provided to the necessary parties. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 41 4. Click at the end of an existing, unnamed source key, and press Enter. Source keys are case sensitive and may use special characters, such as @#$%(){}[]. 5. Press Tab, and type a name for the source key. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
-
Page 42: View Components Without A Key
4. Select the Allow viewing of components check box, and click OK. In the Source Protection Configuration dialog box, +View appears for components that are viewable on workstations that do not have the source key. 5. Click Close. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015... -
Page 43: Verify Source Key Protection On A Component
You can delete a source key file (sk.dat) from a workstation. Write down the source keys or make a copy of the sk.dat file and Important: store it in a secure location before deleting the sk.dat file. 1. Open the protected project. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015... -
Page 44: Apply License Protection To A Component
Important: A user can add or remove protection from a component only when the Protect permission exists on the license currently protecting that component. License Protection on a component affects the following features: Rockwell Automation Publication 1756-PM016H-EN-P - March 2015... - Page 45 Cut, Copy, Paste - Users can copy, paste, and drag and drop source protected components from the Controller Organizer or Logical Organizer. Users cannot copy, paste, or drag and drop logic contained within the source protected component unless the license contains Copy permission. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
-
Page 46: Apply License Protection To One Or More Components
If a license does not contain the Protect permission, it will not appear in the list of licenses. 3. In the Source Protection Configuration dialog box, select the component to be protected and click Protect. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015... -
Page 47: Share License Privileges With Other Users On Your Network
CmStick installed that contains the same license with Use permission. The CmStick must be plugged into a USB port locally on the computers. You can share license privileges with other users and provide license privileges to users of remote desktop. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015... - Page 48 USB port on your computer. 2. Click WebAdmin to open the CodeMeter WebAdmin window in your default web browser. 3. Click Configuration > Server, select Run network server, and click Apply. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 49 8. On the CodeMeter Control Center, navigate to the Process tab to stop and restart CodeMeter. 9. On the computers that need to receive the shared license privileges, open the CodeMeter Control Center application. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 50 Follow these steps to provide license privileges for remote desktop users on your network. 1. On the remote desktop client computer, open the CodeMeter Control Center application. To open the application, navigate to the C:\Program Files (x86)\CodeMeter\Runtime\bin folder, and run the CodeMeter.exe file. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 51 The CmStick should be plugged into a USB port on your computer. 2. Click WebAdmin to open the CodeMeter WebAdmin window in your default web browser. 3. Click Configuration > Server, select Run network server, and click Apply. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 52 8. On the CodeMeter Control Center, navigate to the Process tab to stop and restart CodeMeter. 9. Log onto the remote computer with remote desktop. 10. On the remote computer, open the CodeMeter Control Center application. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 53 To prevent accidental granting of privileges and to prevent CodeMeter from searching unnecessarily, add 127.0.0.1 (the localhost IP address) to the Server Search List. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
-
Page 55: Securing A Controllogix Controller
Logix Designer menu bar on the Tools menu. ControlLogix 1. Click the Start button, then click All Programs, then click Rockwell controller with the Software, then click RSLogix 5000, and then click Logix CPU Logix CPU Security Security Tool. Tool Rockwell Automation Publication 1756-PM016H-EN-P - March 2015... - Page 56 Chapter 5 2. In the Logix CPU Security dialog box, click the RSWho button to specify a path to the controller. 3. Select the controller that you want to secure and click OK. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 57 4. Click Change Password. 5. In the Change Password dialog box, in the New Password box type a password, and then in the Confirm New Password box, retype the password. Click OK. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 58 Save to Nonvolatile Memory after controller is secured check box to save the security state of the controller to nonvolatile memory. Refer to the Logix Designer application help for additional information on using nonvolatile memory. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
-
Page 59: Accessing A Secured Controller
5000 CPU Security Tool and you do not have a local copy of the project file on your computer, the application prompts you to select the proper file. To access a secured controller, do the following. 1. On the menu bar, click Communications, and then click Who Active. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015... - Page 60 Go Online. If you do not have a local copy of the project file on your computer, the application prompts you to select a file. 3. Click Select file to find the project file. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 61 4. In the Enter New or Select Existing File dialog box, click the project file and then click Select. 5. Click Yes to create and upload the project. An unspecified communications dialog box appears indicating that the application is now offline. 6. Click OK to continue. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
-
Page 62: Removing Security From A Controller With The Cpu Security Tool
1. Start the Logix CPU Security Tool. Click the Start button, then click All Programs, then click Rockwell Software, and then click Logix CPU Security Tool. 2. In the Logix CPU Security dialog box, click the RSWho button to specify a path to the controller. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015... - Page 63 5. In the Unsecure Controller dialog box, in the Password box, type the password for the controller and then click Unsecure. The controller is now unsecured, but the controller still recognizes the password. 6. Select Exit. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
-
Page 64: Removing A Password
Follow these steps to remove a password. 1. In the Logix CPU Security - DayOfWeek dialog box, click Change Password. 2. In the Change Password dialog box, remove the '****' empty string and click OK. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015... - Page 65 Securing a ControlLogix controller Chapter 5 The controller status is now UNSECURED. Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 67 FactoryTalk routine directory 12 source protection 34 security 12 RSLogix 5000 Service Platform software 15 enable security 13 file secure project file 16 sk.dat 40 source protection 34 secure RSLogix 5000 project 16 Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 68 Index security controller resource 22 FactoryTalk 12 import server database 27 technical support 13 sk.dat file 40 source key delete file 43 source protection disable routine 33 install 33 Rockwell Automation Publication 1756-PM016H-EN-P - March 2015...
- Page 69 Rockwell Automation representative. New product satisfaction return Rockwell Automation tests all of its products to ensure that they are fully operational when shipped from the manufacturing facility. However, if your product is not functioning and needs to be returned, follow these procedures.