User rights

<< Click to Display Table of Contents >>

Navigation:  »No topics above this level«

User rights

mapp Services V5.16

Requirement

Each user should have different rights for a machine. In other words, some users should be prevented from carrying out some functions (e.g. modifying recipe data) while these functions are accessible to other users.

There should be a list of user groups with different rights available. This list is defined while developing the machine but can also be changed at runtime. This means that the administrator can assign or revoke rights for the machine operator, for example. The administrator can only assign rights that he also has.

Solution

Component list

MpUserLogin (own MpLink): Logs a user in/out

MpUserLoginUI (MpLink from MpUserLogin): Logs a user in/out via the HMI application

MpUserManagerUI (MpLink from MpUserLogin): Controls user rights

MpUserAccessRight (MpLink from MpUserLogin): Checks user rights

Connection diagram

mpuserusecase_2_connection

 

 

Configuration

The MpUser and MpUserLogin configurations are added. The different user groups are created and their rights assigned in the MpUser configuration. User rights are linked to certain machine functions. Rights management could look something like this:

Function

Rights index

Operator 1

Operator 2

Supervisor

Move standard axis

1

Actuate (perform movement)

Actuate (perform movement)

Full (perform movement + change axis parameters)

Move service axis

2

None

Actuate (perform movement)

Full (perform movement + change axis parameters)

Acknowledging critical alarms

3

View (alarm list view)

View (alarm list view)

Full (alarm list view + acknowledge alarms)

Modify recipe data

4

View (recipe list view)

Actuate (recipe list view + load recipes)

Full (recipe list view + load recipes + save recipes)

mpuserusecase_3_config

Using the mapp components

The MpUserLogin, MpUserLoginUI, MpUserManagerUI and MpUserAccessRight components are added. The components are connected to one another as depicted in "Connection diagram".

The components are then configured.

MpUserLogin generates a login point where the user can log in with username and password.

MpUserLoginUI and MpUserManagerUI return the corresponding data points for a VC4-based HMI application (e.g. login, change password, rights management). To establish a connection to the HMI application via these components, see section VC4 templates.

If a user now logs in, mapp user management checks his rights and unlocks only the necessary functions. If the user is an administrator, then he can edit rights as needed. MpUserAccessRight can be used to check which rights the currently logged in user has for a certain function.