Topic: DMD0259
Password Configuration
The Password configuration is more than simply allowing or denying access to a Do-more controller based on a user ID and password, it involves the creation of accounts that will allow or deny access to the different resources available in the controller. By creating multiple accounts, each with different levels of access, you can efficiently control not only who has access to the controller, but also what each of those users can and cannot do with to the resources in the controller.
The default password configuration in a Do-more controller contains a single user account - Default User - that has no password, and has access to all of the controller's resources. This configuration does not restrict any communication attempt, and does not limit what anyone connected to the controller can do with the resources of the controller.
The Status Bar at the bottom of the Do-more Designer programming window will display the user account that is currently logged in. Link Info dialog (PLC-> Link Setup) shows currently logged in User Account and Privileges in it's Session Information group. Event Log messages will contain the user account in each log entry.
Default User Account
All Do-more controllers will ship from the factory with a predefined Default User account. The default password for this account is blank, and it cannot be changed.
The Default User initially has all of the available privileges, and the account's privileges can only be modified after adding the Administrator account and logging in as the Administrator.
Add - click this button to invoke the Add User dialog to create new password configuration accounts
Edit - click this button to edit the currently highlighted user account
Delete - click this button to delete the currently highlighted user account
Accept - after all changes have been made to the password configuration, click the Accept button to save the changes to the controller
Read PLC - click this button to read the current password configuration from the controller
Cancel - click this button to abort the password configuration session without saving any changes that were made.
Creating the Administrator Account
The first user account that can be created is the Administrator account.
Clicking the Add button the first time will cause the password configuration utility to prompt for a password for the Administrator account, and to choose the optional privileges for the Administrator account.
Note:
The Read Project (RP), Read Data (RD, and Change Password (PW) privileges
are required for the Administrator, and cannot be removed from the Administrator
account.
Once the Administrator account has been created, the Default User account will automatically be changed to have only the Read Data (RD) and Read Program (RP) privileges. At this point the privileges for Default User account can be changed.
Note: The Administrator account can only be deleted if it is the only user account defined. If the Administrator account is ever deleted the Default User account will be recreated with it's default privileges and a blank password.
Creating New User Accounts
Once the Administrator account has been created, up to 15 more user accounts can be created.
User Names - must be 1 to 16 characters in length.
Password/Confirmed - must be 4 to 8 characters in length with no embedded white-space characters. Passwords are also case sensitive. Passwords cannot be left blank.
Account Privileges - are assigned to each new User Name. The default privileges for a New User will allow this account access to all of the programming resources in the controller.
Note: User Accounts must have a minimum of Read Data (RD) and Read Project (RP) to allow an online session with the Do-more Designer programming software.
The following is a list of the available
privileges and details what each privilege allows the user of that account
to access:
Read Data (RD) - user accounts with this privilege can read from all of the data locations in the controller.
Write Data (WD) - user accounts with this privilege can update all of the data locations in the controller.
Read Project (RP) - user accounts with this privilege can read the ladder program, the system configuration, and the documentation from the controller.
Write Project (WP) - user accounts with this privilege can update the ladder program, the system configuration, and the documentation in the controller.
Change System Settings (SS) - user accounts with this privilege can set the system clock, clear the system log, and clear the user log.
Change PLC Mode (PM) - user accounts with this privilege can change the controller mode (PROGRAM, RUN), and invoke the runtime debugging features (Single Scan, N-Scans, etc.).
Change Password (PW) - user accounts with this privilege can create new users and modify existing user accounts (change passwords, add privileges, and remove privileges). User accounts that do not have Change Password (PW) privilege cannot open the Password Configuration dialog.
Update Firmware (FW) - user accounts with this privilege can update the firmware in the controller.
Logging in with a User Account
Any time Do-more Designer requests an online session with the controller that has multiple user accounts, the programmer will be asked to log in by entering the password for one of the user accounts before the online session will be started.
The PLC-> Re-open Session... menu selection allows the programmer to change User Accounts without having to close and re-open the project. This menu selection will prompt the programmer for the password of the User Account to start using. After a successful re-login, the Status Bar at the bottom of the Do-more Designer programming window will display the new user account name.
What are Failed Login Attempts?
As part of the overall System Security suite, the Do-more controller tracks the number of failed login attempts to help prevent attempts at hacking the PLC password. Any time there are 8 consecutive failed attempts at entering the Password the Do-more controller will lock out the ability to login for the next 30 seconds. This must be 8 consecutive failed attempts, a successful login will reset this count to 0.
During this lockout time, the Enter Password dialog will display the text Locked Out!, and the system bit $LoginLockedOut (ST150) will be ON. Note: entering the correct password during the lockout period will NOT allow an online session, the lockout time must expire before a successful online session can be made.
After the 30 seconds of Lockout time has expired the system bit $LoginLockedOut will turn OFF and it take 8 more failed attempts before another lockout can occur. A running total of the failed login attempts is stored in the System Word $FailedLoginCnt (DST386). This does NOT define the number failed login attempts before login sessions are locked out, that number is fixed at 8.
An example of how this might be used in the project is to save the Date and Time that a Lockout occurred.
Clearing the Password Configuration
Clearing the password configuration can be accomplished in the following three ways:
Use the Password Configuration dialog to delete the User Accounts individually. Remember that the Administrator account can only be deleted if it is the only user account defined. If the Administrator account is ever deleted the Default User account will be reset to it's factory configuration with it's default privileges and a blank password.
Perform a Clear PLC Memory utility with the selection for Password Configuration checked, this will remove all of the user-assigned password configuration and if necessary, the Default User account will be restored to it's factory configuration with it's default privileges and a blank password.
Perform a manual reset of the Do-more controller using the information found in the help topic How to Manually Reset the Password Configuration in a Do-more controller. This too will remove all of the user-assigned password configuration and if necessary, recreate the Default User account will be reset to it's factory configuration with it's default privileges and a blank password.
See Also:
User Password Configuration
How to Manually Reset the Password Configuration in a Do-more Controller
How to Manually Reset the Password Configuration in the Do-more Simulator