How can you verify a logged on user at runtime when using SIMATIC Logon (as from V1.3)?
The WinCC User Administrator does not provide any functions by default that can be used to verify currently logged on users through password querying. WinCC has functions for triggering and executing a logon procedure. However, this means that there is a new logon even if the current user name is used again for the logon. Logon is usually linked to a picture change (calling the Start picture) and the closing of all faceplates.
Often, just before execution of a switching action, there is a demand for checking the user currently logged on by an additional password query. There is not to be a renewed logon. After successful verification of the user the switching action is to be executed and the operator action stored as an operator input message. This prevents unauthorized operator actions, e.g. when the user currently logged on is absent for a brief time without logging off from the system.
The SIMATIC Logon option permits you to verify a user at runtime. This entry describes the procedure for SIMATIC Logon V1.3 and higher. As from this version of SIMATIC Logon the "SIMATIC Logon Development Kit" is available. Information on this is available in:
- the manual "SIMATIC Logon SIMATIC Electronic Signature" - Entry ID: 34519648.
- the manual "SIMATIC Logon Programming Guide" (after installation this manual is available in the directory: "...\SimaticLogon\developmentkit").
Entry ID 24458070 describes the procedure for SIMATIC Logon up to and including V1.22.
With the "ISLSScripting" interface the "SIMATIC Logon Development Kit" permits you to run a user verification at runtime using VBScript. This entry provides a VBScript (function "SL_VerifyUser") that uses the "GetLogon" and "AuthenticateUser" methods of the "SIMATIC Logon Development Kits" to verify a logged on user at runtime.
The following table describes the settings required for proper functioning.
|1||Open the Windows "Computer Management" (right-click on "MyComputer" and click on "Administrative Tools") and then click on "System" > "Local Users and Groups".|
|2||Create a new user in a new group if necessary in the "Users" and "Groups" folders and then close "Computer Management".|
|3||In WinCC, open the "User Administrator" and create the same group (name) and the same user (name) as created in Windows.|
|4||Assign the user rights and check the"SIMATIC Logon" check box.|
|5||Open the Global VBS editor, create a new project module and save the script from the file SL_VerifyUser.txt (contained in SL_VerifyUser.zip)|
Copy the bmo file in the "" folder of the WinCC project, compile and save the script.
Call the "SL_VerifyUser" function before the required operator action and check whether the return value is "true" (current user) or "false" (another user or abort in the Login dialog). Trigger the operator action and any operator input after successful user verification. Verifying the user can be done with an onclick event of a button.
If SL_VerifyUser = TRUE Then
SL_VerifyUser.zip ( 3 KB )
The following table describes the structure and function of this script.
|1||Declaration and initialization|
In the first part of the script constants are defined and the tags used are declared and initialized. In order to access the SIMATIC Logon interface with WinCC VBScript at runtime the COM interface must be initialized with the call "CreateObject".
|2||Verify the user currently logged on
|3||Release resources and close the function|
In this part the resources used are released again and the function closed. Upon successful user verification the "SL_VerifyUser" function returns the value TRUE, otherwise the value FALSE.
These instructions have been tested with the following versions.
|Product and version designation|
|PC operating system||Microsoft Server 2003 SP2|
|HMI software||WinCC 7.0|
|Options||SIMATIC Logon 1.4 SP1|
GMP, Pharma, Life Science, Validation, FDA 21 CFR Part 11