Runtime-Based User Management
Note
Whenever possible, use a runtime version >= 3.5 SP18 Patch 1 and CODESYS Visualization version >= 4.2.0.0 for a new project with a visualization.
A runtime-based user management is a user management which is linked to the device user management in order to increase security.
The users are configured in the device user management on the Users and Groups tab of the device editor. If you want a user to have access only to a visualization but not to any device, then assign them a group membership and restrict the group permissions so that they are only allowed access to a visualization but not to any other device functionality.
For more information, see:
Tip
Whenever possible, always use runtime-based user management.
If you want to convert to the legacy user management, then open the User Management → Groups tab in the Visualization Manager and click the Convert to Runtime-Based button. At this time, the user groups are taken over. The credentials of the users will be lost because these then have to be set up in the controller.
Creating a runtime based user management with default groups initially
The default groups are Administrator, Service, and Operator.
Requirement: You have inserted a WebVisu below the Visualization Manager. You want to create a runtime-based user management with standard groups.
Double-click the Visualization Manager object in the device tree.
Select the User Management tab.
Click the Create Runtime Based User Management with Default Groups button.
The Groups and Settings tabs are displayed on the User Management tab. The Administrator, Service, and Operator groups are configured on the Groups tab.
If necessary, to create new user groups, click in the empty field in the Group Name column and specify the name of the new group.
Connect the application to the controller and click the Upload device groups names button.
The user groups of the device user management are uploaded and are now selectable in the Mapping in Runtime Group column.
For the user groups of the visualization of the Group Name column, select a group of the device user management from the list box in the Mapping in Runtime Group column to which the user group of the visualization should be assigned.
By assigning the visualization user groups to the device user groups, the visualization groups get the same permissions on the controller as the respective groups of the device user management.
The visualization user management is now coupled with the device user management. The visualization user groups are now mapped to the device user management groups and get their group rights.
To configure the login operation, see: Setting Up Access Control and Login Procedure
Creating runtime-based user management with group None initially empty
First create an empty user management if you want new created groups with self-determined permissions.
Requirement: You have inserted a WebVisu below the Visualization Manager.
Double-click the Visualization Manager object in the device tree.
Select the User Management tab.
Click the Create Runtime Based Empty User Management button.
The Groups and Settings tabs are displayed.
The Group tab is open.
To create new user groups, click in the empty field in the Group Name column and specify the name of the new group.
Connect the application to the controller and click the Upload device groups names button.
The user groups of the device user management are uploaded and are now selectable in the Mapping in Runtime Group column.
On the User Management tab: For the user groups of the visualization of the Group Name column, select a group of the device user management from the list box in the Mapping in Runtime Group column to which the user group of the visualization should be assigned.
By assigning the visualization user groups to the device user groups, the visualization groups get the same permissions on the controller as the respective groups of the device user management.
The newly created user management groups are now coupled with the device user management and are mapped to the device user management groups. You get their group permissions.
To configure the login operation, see: Setting Up Access Control and Login Procedure