• Home
• HMI Application
• Security for HMI
• User and Role Management

User and Role Management

The access data of the users who are authorized to access the HMI application and the user roles containing the permissions for the user are managed in the User Manager function on the controller (accessible via Web Based Management, WBM). Here you add users, set the user password and assign the user roles. You can choose one or more user roles containing different permissions for each user. These permissions control the access to the HMI application.

PLCnext Technology controller user roles

The following table describes the user roles as shown in the User Manager function that control the access to the HMI application and enable authentication. (The table only describes the user roles that are relevant for security for HMI. For a description of all other user roles, see the section "User roles with Phoenix Contact PLCnext Technology controllers" in the "Network Security: Authentication with User Role and Password" topic.)

User role	Description
EHmiLevel1...EHmiLevel10	The EHmiLevel1...EHmiLevel10 user roles are used for creating the HMI access rights rules in the HMI application. According to these rules, the access to HMI pages/objects can be restricted. The EHmiLevel user roles will be mapped to the user levels 1...10 (EHmiLevel1 to user level 1, EHmiLevel2 to user level 2, and so on) in the HMI application. These user levels are used for defining the expressions that determine the access rule for an HMI page/object. When security for HMI is enabled in the HMI application (see "Enabling Security for HMI in the Project"), the access rules are created using the 'Access' category available for an HMI page/object in the page's/object's properties window. (See the topic "Enforcing Access Rights to HMI pages/HMI objects" how to define the access rules.)
EHmiViewer	The user EHmiViewer can only read HMI data but cannot write them, i.e., values can only be read. Note The user must have at least either the EHmiViewer user role or the EHmiChanger user role assigned in order to log in to the HMI application. This forces the user to authenticate with a valid user name and password when loading the HMI startup page. Once the user is logged in, the access rights rules as defined for the HMI page/object are applied.
EHmiChanger	The user EHmiChanger has read and write access to the HMI data, i.e., values can be read and written. (Observe the note on the EHmiViewer user role for the user authentication.)

Further Info For detailed information on the user management on PLCnext Technology controllers, refer to the user manual of the PLCnext Technology controller. Also refer to the PLCnext Info Center which provides many information and practical user tips on the PLCnext Technology control platform and PLCnext Engineer