Configuring User Management and Permissions for a Project and Objects
In a CODESYS project, you can manage user accounts with different permissions. For each user account, you can define the actions with which the user can access a project object.
You create users and groups in the Users and Groups category of the Project Settings. Assign general permissions to the created users and groups in the permissions dialog of the user management (Project → User Management → Permissions). For individual project objects, this is done on the Access Control tab in the object properties.
Note the following before creating users and groups:
Permissions can only be assigned to user groups. As a result, you need to assign each user to a group.
There is automatically always a group Everyone, and by default every user and every other group is initially a member of this group. As a result, each user account is automatically provided with at least the defined default permissions.
You cannot delete the Everyone group or remove members from this group. You can only rename the group.
Important
By default, Everyone does not have the permission to change the current user, group, and permission configuration.
There is automatically always an Owner group which contains an Owner user. In V3.5 and higher, only the Owner initially has permission to change the current user, group, and permission configuration in a new project. As a result, only the Owner can assign this permission to another group.
Initially, the Owner can log in with the Owner user name and an empty password.
You can add more users to the Owner group or remove users from it, but at least one member has to remain. Like Everyone, you cannot delete the Owner group and it always has all permissions granted. This prevents a project from being rendered unusable by denying all permissions to all groups.
You can rename both the Owner group and the Owner user.
When the programming system or a project is restarted, no user is initially logged in to the project. However, the user can then log in via a specific user account with user name and password in order to get the permissions defined for the account.
Each project has its own user management. Therefore, in order to get specific permissions to a library integrated into the project, for example, the user must explicitly log in to the library project.
Users and groups defined in different projects are not the same, even if they have the same names.
User management in a project is only useful when it is combined with a corresponding assignment of permissions for access to the project and its objects. The general permission management for a project is done in the Permissions dialog of the user management (Project → User Management → Permissions). You can also change the permissions to an individual project object on the Access Control tab of the Properties of the object.
There are default menu commands under Project → User Management for logging into and out of a project as a defined user. A password manager is used to manage the credentials on your computer.
Note the following before assigning permissions:
In a new project, CODESYS always sets all permissions to execute actions on objects with the default value granted (default permission). The only exception to this is the permission to change the current user, group, and permission configuration. Initially only the Owner group has this permission.
If you are a member of a group which is allowed to change permissions, then you can do this at any time for each permission when working further on a project. You change a permission by switching between granted and denied or by clearing to the default.
For more information, see below: "Using permissions to protect objects".
Tip
In V3.5 and higher, only the Owner initially has permission to change the current user, group, and permission configuration in a new project. As a result, only the Owner can assign this permission to another group.
Important
CODESYS saves the user password and makes it inaccessible. If you forget a password, the user account will be unusable. If you forget the Owner password, then the entire project may become unusable.
Logging in with a user account and the password manager
Note: The user management is the basis for a user-specific login with a password. See: Password-Protecting the Project – Password Manager and Logging in with a user account and the password manager
Tip
This applies to the user management of a CODESYS project file. Visualizations and devices can have their own user management.
Tip
In the Project Settings dialog, in the Users and Groups category, you can use the Export/Import functionality to apply the user management from another project. For more information, see: Dialog: Project Settings
The following instructions describe how you can configure the user management for the first time in a project. It deals with the definition of a user and a group to which the user belongs.
Requirement: The project for which the user management should be set up is open. There is no modified user configuration yet.
In the Project Settings dialog, open the Users and Groups tab and then the Users tab. The Owner user is already created by default.
Click the Add button.
The Add User dialog opens.
Specify a login name (example: "Dev1") and a password. Leave the Activated option selected. Click OK.
When you create a group for the first time, CODESYS prompts you to authenticate yourself to perform this action.
In this case, specify "Owner" as the Current user. Do not enter a password; just click OK.
The Dev1 user is displayed in the list and is automatically a member of the Everyone group.
Change to the Groups tab to add the user to a new group.
The Everyone and Owner groups have already been created.
Click Add to open the Add Group dialog.
Specify at least one name for the new group (example: "Developers"). Select the check box next to the User "Dev1" entry in the Members field. Click OK.
The Developers group now appears with "has user member 'Dev1'".
Click the Users tab.
The Dev1 user is now displayed as a member of the "Everyone" and "Developers" groups.
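The review points that follow from the notes and the procedure above, written as a small Python audit. This is an added example, not CODESYS code or part of the original documentation; the PROJECT dictionary layout, the finding codes and the "Guest" user are constructed for illustration and do not correspond to any CODESYS export format.

```python
# Constructed description of a project's user management. The layout is an
# assumption made for this example, not a format that CODESYS produces.
MODIFY_UM = "modify user, group, and permission configuration"

PROJECT = {
    "users": {
        "Owner": {"password_set": False},   # still the initial empty password
        "Dev1": {"password_set": True},
        "Guest": {"password_set": True},    # hypothetical extra user
    },
    "groups": {
        "Everyone": {"members": ["Owner", "Dev1", "Guest"], "granted": []},
        "Owner": {"members": ["Owner"], "granted": [MODIFY_UM]},
        "Developers": {"members": ["Dev1"], "granted": [MODIFY_UM]},
    },
}

def audit(project):
    """Return a list of (code, subject) findings for the description."""
    users, groups = project["users"], project["groups"]
    findings = []
    owners = groups["Owner"]["members"]
    # Owner accounts start with an empty password; one left that way lets
    # anyone who opens the project change users, groups and permissions.
    for name in owners:
        if not users[name]["password_set"]:
            findings.append(("OWNER_EMPTY_PASSWORD", name))
    # A forgotten Owner password can make the project unusable, so a
    # single Owner-group member is worth a review note.
    if len(owners) == 1:
        findings.append(("SINGLE_OWNER_MEMBER", owners[0]))
    # Only the Owner group holds this permission in a new project.
    for gname, group in groups.items():
        if gname != "Owner" and MODIFY_UM in group["granted"]:
            findings.append(("CAN_CHANGE_USER_MANAGEMENT", gname))
    # Permissions attach to groups only, so a user who is in no group
    # besides Everyone has nothing beyond the default permissions.
    for name in users:
        extra = [g for g, d in groups.items()
                 if g != "Everyone" and name in d["members"]]
        if not extra:
            findings.append(("ONLY_IN_EVERYONE", name))
    return findings

if __name__ == "__main__":
    for code, subject in audit(PROJECT):
        print(f"{code}: {subject}")
```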
Click .
The Permissions editor window opens. The left side contains the action categories. The right side contains the user groups which are currently available.
Expand the relevant action category and below it the action for which you want to change a permission.
In the Actions window, select the target of the action. In the Permissions window, select the group for which you want to change the permission. Multiselection is possible.
The buttons in the toolbar are enabled.
Click the respective button in order to change the permission of the group for the action on the target object.
CODESYS refreshes the symbol in front of the group according to the new permission. The permission is applied immediately.
Here you can configure whether the members of a group have permission to view, edit, or remove an object of a project, or add or remove child objects.
In the navigator tree, select the object.
In the context menu, click Properties. In the dialog, select the Access Control category. For more information about the dialog, see: Dialog: Properties: Access Control
In the table under Groups, Actions and Permissions, double-click the symbol of the permission that you want to change.
A list box of the possible permissions is displayed: Grant, Deny, Clear.
Select the desired permission and click Accept or OK.
The permission is applied immediately for the action and the group. The symbol changes accordingly.
Logging in with a user account and the password manager
For more information, see: Password-Protecting the Project – Password Manager and Logging in with a user account and the password manager