Siemens SIMATIC S7-1500 System Manual page 243

All in one place
Irrespective of the service for which you configure users, roles and rights for a CPU: You have
to manage the data at the same location.
All users, no matter if you manage their engineering rights for the project or their local
runtime rights for each CPU in the project, can be found in the editor for users and roles in
the project tree.
Powerful password functions
• Support for compliance with complexity rules for password creation:
Right from the password creation stage, you can have the TIA Portal check compliance
with complexity rules, such as the password length, uppercase/lowercase letters. (Project
tree, "Security settings > Settings" area).
The complexity rules are also saved in the CPU upon loading the user management. When
the password is changed online, the CPU determines and considers these rules. This
prevents a user from overriding the complexity rules set by the configuration engineer
and assigning a non-secure password.
• The period of validity of passwords is adjustable:
To ensure that a user does not have access to the CPU with a compromised password for
an unlimited time, you can parameterize a period of validity. Before the period of validity
expires, the remaining time is then displayed on login so that each user has the possibility
to change their password in time.
Loading the user management during operation
As of firmware version V3.1, you can load certain security-relevant configuration data both in
the STOP mode and in the RUN mode. Therefore, loading the hardware configuration does
not necessarily lead to a STOP of the CPU.
You can make the following changes in the STOP mode as well as in the RUN mode
(Download to device > Hardware configuration):
• Local user management extended/changed
• TIA Portal-configured certificates added/changed
• Syslog configuration changed
If you have made additional changes to the hardware configuration (for example, adding
modules, re-parameterization, etc.), the CPU automatically prompts for the STOP state before
loading.
Therefore, when you load just one user with modified roles/function rights to the CPU, for
example, this process does not require any STOP state of the CPU.
The preview dialog for loading contains a security area so that you can determine when
loading how the CPU should deal with user data that has changed in the meantime (not
when loading for the first time). This allows changes to user data (e.g. password changes
during runtime) to be retained.
SIMATIC Drive Controller
System Manual, 11/2023, A5E46600094-AD
Protection
11.3 Local user management
241