DigiVis 500

Engineering Manual
Security Lock
Version 1.0 SP1
 DigiVis 500

Engineering Manual
Security Lock

Version 1.0 SP1

NOTICE
The information in this document is subject to change without notice and should not be
construed as a commitment by ABB. ABB assumes no responsibility for any errors that
may appear in this document.

In no event shall ABB be liable for direct, indirect, special, incidental or consequential
damages of any nature or kind arising from the use of this document, nor shall ABB be
liable for incidental or consequential damages arising from use of any software or hard-
ware described in this document.

This document and parts thereof must not be reproduced or copied without written per-
mission from ABB, and the contents thereof must not be imparted to a third party nor used
for any unauthorized purpose.

The software or hardware described in this document is furnished under a license and
may be used, copied, or disclosed only in accordance with the terms of such license.

Copyright © 2012 ABB

All rights reserved.

Release: January 2012

Document number: 2PAA104348R0201

TRADEMARKS
All rights to copyrights and trademarks reside with their respective owners.
 Table of Contents
About This Book
Use of Warning, Caution, Information, and Tip Icons ........................................................... 3
Typographic Conventions ....................................................................................................... 4
Terminology............................................................................................................................ 4
Related Documentation .......................................................................................................... 4

Section 1 - Security Lock

General Description................................................................................................................ 5
Procedure Overview ............................................................................................................... 6
On the Engineering Station ......................................................................................... 6
On the Operator Stations............................................................................................. 6
Security Lock Installation....................................................................................................... 6
Starting Security Lock Setup ...................................................................................... 6
Initial Password for starting Security lock .................................................................. 7
Call-up of Security lock.......................................................................................................... 7
Call-up from DigiVis 500 Graphics Builder ............................................................... 7
Call-up from DigiVis 500 Operations ......................................................................... 8
Call-up from the Windows XP Task Bar .................................................................... 8
Security Lock Password ......................................................................................................... 8
General Note on Security Lock Password................................................................... 8
Changing the Security Lock password........................................................................ 9
User interface........................................................................................................................ 10
Menu overview Security Lock .................................................................................. 10
Description of the Toolbar......................................................................................... 10
Configuring users and groups with Security Lock ............................................................... 11
Group data, system rights.......................................................................................... 11
Security lock on Operator Station ........................................................................................ 15

2PAA104348R0201 1
Table of Contents

Access rights configuration for the project ...........................................................................16

Specification of target PC user groups in the project.................................................16
Configuring access rights to displays and logs with DigiVis 500 Graphics Builder. 17
Inheritance hierarchy of access rights........................................................................17
Security Lock and several PCs..............................................................................................18

Index

2 2PAA104348R0201
 About This Book

Use of Warning, Caution, Information, and Tip Icons

This publication includes Warning, Caution, and Information where appropriate
to point out safety related or other important information. It also includes Tip to
point out useful hints to the reader. The corresponding symbols should be
interpreted as follows:

Electrical warning icon indicates the presence of a hazard which could result in
electrical shock.

Warning icon indicates the presence of a hazard which could result in personal
injury.

Caution icon indicates important information or warning related to the concept

discussed in the text. It might indicate the presence of a hazard which could
result in corruption of software or damage to equipment/property.

Information icon alerts the reader to pertinent facts and conditions.

Tip icon indicates advice on, for example, how to design your project or how to
use a certain function

Although Warning hazards are related to personal injury, and Caution hazards are
associated with equipment or property damage, it should be understood that
operation of damaged equipment could, under certain operational conditions, result
in degraded process performance leading to personal injury or death. Therefore,
comply fully with all Warning and Caution notices.

2PAA104348R0201 3
Typographic Conventions About This Book

Typographic Conventions
All text entries, shortcuts, prompts, system messages, menu items, screen elements
etc. comply with the Microsoft Windows conventions.

Terminology
You will find a complete and comprehensive glossary at the end of this Manual.
This glossary contains terms and abbreviations that are unique to ABB or have a
usage or definition that is different from standard industry usage. Please make
yourself familiar with the glossary.

Related Documentation
The following list gives an overview of the documentation relating to the DigiVis
500 system.

Title Number
Getting Started 2PAA104347R0203
Engineering Manual, DigiVis 500 Graphics Builder 2PAA104345R0201
Operators Manual, DigiVis 500 Operations 2PAA104346R0201

The manuals listed above are for the DigiVis 500 system only. These manuals
should be supplemented by the AC500 related documentation (PS501 CD,
Documentation).

4 2PAA104348R0201
 Section 1 Security Lock

General Description
Security Lock is a separate auxiliary program for the scalable control system
DigiVis 500. It provides access control for configuration with DigiVis 500 Graphics
Builder and for operation and observation with DigiVis 500 Operations. The
access control system can be implemented for an entire DigiVis 500 System with a
single Security Lock licence.
It is possible, even without Security Lock, to specify during configuration with
DigiVis 500 Graphics Builder whether or not the operator at an operator station is
allowed, for example, to alter a controller set-point. This specification influences the
access rights for every operator on the operator station.
In contrast, with Security Lock, it is possible to give operator A permission to
operate a controller but not operator B.
A prerequisite is that the set-point has been marked as adjustable in the controller
parameter mask. Then with appropriate entries in the tag list, permission to operate
the controller is given to operator A and denied to operator B.
In a system with Security Lock installed, users are required to login before using
DigiVis 500 Operations or DigiVis 500 Graphics Builder.
Technical Limitations:
Number of access groups (user profiles) max. 16
Number of users. max. 1000

2PAA104348R0201 5
Procedure Overview Section 1 Security Lock

Procedure Overview
On the Engineering Station
• Installing Security Lock on engineering station (PC with DigiVis 500 Graphics
Builder)
• Assign groups to project with DigiVis 500 Graphics Builder (Project Tree >
Edit > User groups).
• Using DigiVis 500 Graphics Builder, specify the project rights of each group in
the tag list and in the project tree.

On the Operator Stations

• Installing Security Lock on the operator stations (PCs with DigiVis 500
Operations)
• Determine the groups and their system rights with Security Lock. (if necessary
by copying the file DIGIMAT.UID from the engineering station to the control
station).
• Add user and assign to the groups

Security Lock Installation

Security lock can be installed on every PC which is to be used in the DigiVis 500
System. If there is an operator station without security lock, the users on this station
have all rights.
Security lock installation is carried out by selecting the option security lock in
DigiVis 500 setup. This program puts a file named SECURITYLOCK.EXE in the
DigiVis 500 EXE directory.

Starting Security Lock Setup

The setup of Security Lock is done while installation using the DigiVis 500
Installation CD. Check the Security Lock Option for the PC during installation.

6 2PAA104348R0201
 Section 1 Security Lock Initial Password for starting Security lock

Using the Taskbar, the program can be started as follows:

Start > Programs > ABB Industrial IT > DigiVis 500 > Security Lock

After the installation of Security lock, the user GUEST is logged in DigiVis 500
Graphics Builder and DigiVis 500 Operations.
He has no rights, that means:
• GUEST is not able to configure with DigiVis 500 Graphics Builder.
• GUEST is not able to operate and observe with DigiVis 500 Operations.
For solving this problem you have to configure users, groups and their rights
immediately.

Initial Password for starting Security lock

The Initial Password required to run Security lock for the first time after
installation is: admin

When the program is first run, this password should be changed.

Call-up of Security lock

There are three possibilities to call-up Security lock:

Call-up from DigiVis 500 Graphics Builder

DigiVis 500 Graphics Builder opening menu > Options > Run Security Lock

Prerequisite: The user logged into DigiVis 500 Graphics Builder must be
authorized to configure the Security Lock.

2PAA104348R0201 7
Call-up from DigiVis 500 Operations Section 1 Security Lock

Call-up from DigiVis 500 Operations

DigiVis 500 Operations menu > Options > Run Security Lock

Precondition: The user logged in to DigiVis must be authorized to configure

security Lock.

Call-up from the Windows XP/Windows 7 Task Bar

Start > Programs > ABB Industrial IT > DigiVis 500 > Security Lock

Security Lock Password

General Note on Security Lock Password
The password must be given each time the Security Lock configuration dialog is
started.

di4006uk.bmp

The initial password, which must be used when starting Security Lock for the
first time after installation, is: admin

The password is masked using ******* to prevent it from being compromised.

8 2PAA104348R0201
Section 1 Security Lock Changing the Security Lock password

Changing the Security Lock password

Security Lock > File > Password

di4007uk.bmp

In order to set a new password, the old password must be re-entered. The new
password must then be typed in twice identically. Clicking OK stores the new
password immediately; it must then be used for future starts of the Security Lock
configuration dialog.
If you forget the password, please contact our technical service personnel.

2PAA104348R0201 9
User Interface Section 1 Security Lock

User Interface
Menu overview Security Lock
File Save save current file
Backup backup of the
current file
Restore restore file from
backup
Password Change the pass-
word of security
lock
Exit Exit Security
lock
Edit Add Add a new entry
Delete Delete entries
Modify Modify entries
Rename Rename users or
groups
Set password Change user
password
View Users User data
Group group data
Toolbar Switch on/Switch
off
Status bar Switch on/Switch
off

Description of the Toolbar

All important functions are represented by buttons in the toolbar.

10 2PAA104348R0201
Section 1 Security Lock Configuring users and groups with Security Lock

option in security lock window.bmp

Configuring users and groups with Security Lock

Group data, system rights
Security Lock > View > Groups

di4009uk.bmp

Group name defined by user

CONF configures
COMM commissioning, that is establish connection to operator station and
download configurations
LOCK starts Security Lock
Ext. diag. launches DTM’s on DigiVis (only in a Freelance 800F system)

2PAA104348R0201 11
Group data, system rights Section 1 Security Lock

Group entries can be modified, deleted or created with the Edit menu or with the
appropriate tool from the toolbar.
The group GUEST is always available and cannot be edited, renamed or deleted.
These settings apply to every project run on the associated engineering station.

Add a new group

Edit > Add > Enter a new group

Delete a group

Edit > Delete

Modify group entries

Edit > Modify

di4015uk.bmp

12 2PAA104348R0201
Section 1 Security Lock Group data, system rights

User Data
View > User

di4010uk.bmp

User entries can be edited, deleted or created with the Edit menu or with the
appropriate tool from the tool bar.
Only the user GUEST cannot be edited, renamed or deleted.

A user obtains the system rights of the group assigned to him/her.

Login name
Name of the user, to be used for logging in into system. May be 8
characters long.
User long name:
Arbitrary text. Preferably the exact identification of user.

2PAA104348R0201 13
Group data, system rights Section 1 Security Lock

User group
Name of the group the user is assigned.
A user can be assigned to several groups through different login names

Add a new user

Edit > Add > Enter a new user

Delete an user

Select user entry > Edit > Delete

Modify user entries

Select user entry > Edit > Modify

di4014uk.bmp

Change user password

User password is initially set to the corresponding login name. The password can
be changed by the user, either in DigiVis 500 Operations or in DigiVis 500 Graphics
Builder.
If a user changes his password, the new password is not changed for all PCs in the
DigiVis 500 system. The user has to change his password on every PC in the
DigiVis 500 system, if he wants to have the same password everywhere as the
configuration of Security lock is stored locally. Refer to Security Lock and several
PCs on page 18.

14 2PAA104348R0201
Section 1 Security Lock Security lock on Operator Station

If necessary the supervisor can input a new password for each user.
Menu security Lock > Edit > Set password

Security lock on Operator Station

Group and user data must also be configured on every control station. This can be
done in the same manner as described in Configuring users and groups with
Security Lock on page 11.
To spare unnecessary work, the file DIGIMAT.UID from the engineering PC can be
copied to operator stations after configuring the groups and users.
On the operator station (with DigiVis 500 Operations), the Security Lock operator
sees the following:
• Each user must log in before being allowed to perform any operations.
• The user name always appears in the status line.
• Entries or operator actions recorded in the signal sequence log can include the
login name.
Standard user names
• NOLOCK No Security Lock licence
• GUEST No user logged on, for example just after start of DigiVis 500
Operations
• SYSTEM System-initiated operation events (may appear in the signal sequence
log)
When a user without proper authorization attempts to operate a display, the
following message box appears:

di4014uk.bmp

In addition, the lack of authorization will be signalled in the status line by

highlighting the user name and focus icon in red.

2PAA104348R0201 15
Access rights configuration for the project Section 1 Security Lock

Access rights configuration for the project

Specification of target PC user groups in the project
Different user groups can be defined on the engineering station and the operator
stations. For this reason, the user groups of the target PC must be specified in the
project.
The project tree has a submenu for configuration of access groups.
Edit > User Groups

di4005uk.bmp

> The selected local engineering station groups are added to this
project
>> All groups on the local engineering station are added to this project.
ADD Add a new access group to this project.
DEL Delete an user group from the project.

16 2PAA104348R0201
Section 1 Security Lock Configuring access rights to displays and logs with DigiVis 500 Graphics

Configuring access rights to displays and logs with DigiVis 500 Graphics
Builder.
Which faceplates can be accessed by which user groups is specified in the DigiVis
500 Graphics Builder tag list. Refer to DigiVis 500 Graphics Builder Engineering
Manual.
Project tree > System > Tag list
Select one or more tags by dragging the mouse over them (with the mouse button
depressed)
Edit > Access rights

Which standard displays, logs, graphic displays and reports can be accessed by
which access groups is specified in the DigiVis 500 Graphics Builder project tree.
Project tree > select one or more displays in the project tree by dragging to mouse
over them (with the mouse button depressed)
Edit > Access rights

Inheritance hierarchy of access rights

On inserting a new object, this object will obtain the access rights of its next-higher
project tree node (parent node) as a default entry.
The following inheritance hierarchy has been established in order to simplify the
configuration
• An existing object has to get the modified access rights that applies to its next-
higher project tree node (parent node).
access rights dialog > INHERIT

• The rights currently applying to a project tree node can be forcibly assigned to
all of the objects under it (it’s children).
access rights dialog > PROPAGATE

2PAA104348R0201 17
Security Lock and several PCs Section 1 Security Lock

When an object is moved or copied, its rights (or those of the copy), remain
unchanged.

di4012uk.bmp

Access right applies to all selected objects (displays or tags)

Access right applies to only some of the selected objects.
Access right does not apply to any of the selected objects (displays
or tags).
INHERIT Set the rights over each of the selected objects to those of the
project tree node above it.
PROPAGATE Force the currently configured access rights applying to the selected
project tree node to apply to all of the objects below it (child
objects).

Security Lock and several PCs

If a user changes his password on a PC, the new password is not changed for all PCs
in the DigiVis 500 system. The configuration of Security Lock (user names,
passwords and the assigned user groups) is stored in a file called DIGIMAT.UID in
the Windows directory.
The user has to change his password on every PC in the DigiVis 500 system, if he
wants to have the same password everywhere.

18 2PAA104348R0201
Section 1 Security Lock Security Lock and several PCs

Alternatively copying the file DIGIMAT.UID to the other PCs will change the
password. This is however not possible if the operator station is active.
The configuration of Security Lock is local.

This makes it possible for one user to be assigned to different groups on several
control stations and therefore to obtain different rights, depending on which
control station is logged in.

2PAA104348R0201 19
Security Lock and several PCs Section 1 Security Lock

20 2PAA104348R0201
 Index
A Modify user entries ......................................... 14
Add a new group ............................................. 12
Add a new user ................................................ 14 N
NOLOCK ....................................................... 15
C
Call-up of Security lock .................................... 7 P
Change user password .............................. 10, 14 Project manager menu structure ..................... 10

D R
Delete a group ................................................. 12 Related documentation ..................................... 4
Delete an user ........................................... 14, 16
DigiVis 500 .................................................. 5, 6 S
DigiVis 500 Operations .................................... 5 setup ................................................................. 6
Standard user names ....................................... 15
E SYSTEM ........................................................ 15
EXE ................................................................... 6
T
G Technical Limitations ....................................... 5
Graphics Builder ............................................... 5 Toolbar ........................................................... 10
Group data ................................................ 10, 11
GUEST ..................................................... 12, 15 U
User Data ........................................................ 13
I user groups of the target PC ........................... 16
INHERIT .................................................. 17, 18 User GUEST ............................................. 7, 13
Inheritance hierarchy of access rights ............. 17 user GUEST ..................................................... 7
Initial Password ................................................. 7
initial password ................................................. 8
Installation ......................................................... 6

M
Menu overview ............................................... 10
Modify group entries ....................................... 12

2PAA104348R0201 21
Index

22 2PAA104348R0201
2PAA104348R0201 Printed in Germany, January 2012
Copyright © 2012 ABB, All Rights Reserved
® Registered Trademark of ABB
™ Trademark of ABB

http://www.abb.com/plc
http://www.abb.com/drives

ABB Automation Products GmbH

Wallstadter Str. 59
68526 Ladenburg
Germany
Phone:+49 (0) 6221 701 1444
Fax:+49 (0) 6221 701 1382
e-mail : plc.sales@de.abb.com