×
Siemens Industry Online Support
Siemens AG
Entry type: FAQ Entry ID: 24141925, Entry date: 06/16/2009
(3)
Rate

Why can you no longer log on to the operator panel (or WinCC flexible Runtime)?

  • Entry
  • Associated product(s)

Description:
If, as from WinCC flexible 2005, a user enters an incorrect password three times in succession, that user is entered in the "Unauthorized" group in the user administration. Only a user with administrator rights can reassign that user to a user group.

How can you avoid "incorrect inputs"?

When the log on dialog is displayed, the last user is shown automatically in the "User" field.


Fig. 01

Make sure that your "user name" is in that field and then enter your password.

Alternatively, as from the 270 series, you can use the script in the sample project attached. With this script a so-called dummy name is automatically entered in the "User" field. The script is executed with the "Log off" system function or when the specified "log off time" expires.

This function ensures that when you log on anew, you must re-enter your name in the "User" field.
Another advantage is that your user name is not shown to people after you and thus remains unknown. This prevents you being entered in the "Unauthorized" group by intentional entry of an incorrect password.

Note:
As from version WinCC flexible 2008, it is possible to set the number of invalid login attempts. The number entered defines how many attempts a user has before being assigned to the "Unauthorized" group. You can set 0 to 9 for the number of invalid attempts. The number 0 stands for an infinite number of login attempts.


Fig. 02

Program description:
Below is a brief description of the attached sample program. Please refer to the configuration directly for details.


Fig. 03

 
Button Function
User 1 Call of page "Machine Parameters Plant 1: "
User 2 Call of page "Machine Parameters Plant 2: "
User 3 Call of the page "User Administration"
Log off Log off of actual user on the operator panel
User info View/hide "User info"
Alarm View View/hide "Alarm View"

The actual user and group number are displayed as additional information.

The following figure shows the "User Administration" page.


Fig. 04

You can only call the "User Administration" page if you log on as "User 3", "Master" or "Admin". Using the "Import / Export" buttons you can import/export the current user administration. You can variably predefine the storage path via a symbolic I/O field.

Note:
The internal "Flash" memory should be used in exceptional situations only.

General tips:

  • When you execute a user administration function, you should subsequently always use the "Log off" function to log off.
  • Create a copy of your user administration (e.g. on an external memory card).
  • Create a user (second administrator) with all rights.
  • Create an alarm view or alarm archive, in which all system alarms are displayed. This permits you to check later when and how often a log off has failed, for example. or whether a user has been put in the "Unauthorized" group.
  • Configure a "User display". With administrator rights you can, for example, reassign a user in the "Unauthorized" group to a user group.
  • Avoid spaces when specifying user names (e.g. user 2 -->  user2).

The attached download contains the archived WinCC flexible project with the functions described above.

Note:
You can use the sample project in WinCC flexible 2007 only as from Hotfix 3. You can download Hotfix 4 for WinCC flexible 2007 in Entry ID 28882233.

  Attachment 1: User_Dummy.zip ( 1899 KB )

Runnability and test environment:
The example can be used on all operator panels that support script functions.
The following table lists the components that have been used to create this entry and verify the functions described.
 

Components Product and version designation
PC operating system Microsoft Windows XP SP2 Microsoft Windows XP SP2 Microsoft Windows XP SP3
Standard tools - - -
Engineering tools - - -
HMI software WinCC flexible 2005 SP1 WinCC flexible 2007 HF3 / HF4 WinCC flexible 2008 SP1
HMI devices MP370 Touch MP370 Touch MP370 Touch
Controllers - - -

Keywords:
Unauthorized, User name

Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit
http://www.siemens.com/industrialsecurity.