mapp Services V5.16
The electronic signature makes it possible to sign actions. If a user attempts to perform a certain action, a dialog box opens on the HMI screen requiring them to enter a username and password. If the username and password correspond to the correct rights, then the action is performed. Such actions might include:
•Changing parameters via the HMI application (e.g. temperature setpoint)
•Starting a cleaning process on the machine
•Aborting the current production process
It is possible to require an electronic signature for any action that is possible on the machine. The use of an electronic signature is logged as an event in the audit trail. This occurs regardless of whether the user possessed the necessary rights for the respective action.
User management uses function block MpUserSignatureUI to create the connection to the HMI application. This function block controls the dialog box. MpUserSignature checks whether the user has the necessary rights to perform the action. This function block then provides information about whether the signature was successful or not.
Collector
An example of the signature process could look like this:
1. Parameter entered
The user enters a new value for the temperature setpoint HMI application. The value is increased from 50 products/minute to 100 products/minute.
2. New parameter stored temporarily
Following the entry, a PV in the application is set to the new value. It is a temporary PV that has no direct effect on the process. At the same time, the Completion data point of the input field is set to a certain value. This value corresponds with the "ActionID" defined in the MpUserSign configuration. For example, an action with "ActionID" 1 in the configuration requires a user level of 100. In our example, data point "Completion" is set to 1.
3. Dialog box for electronic signature
If MpUserSignatureUI detects that the Completion data point is not equal to zero, then the electronic signature dialog box is opened.
In this dialog box, the user is required to enter a username and password. It is also possible to add an optional comment stating the reason for performing the respective action. The user can either confirm the signature with OK , or close without confirming by selecting Cancel .
4. Data is verified
Next, the process of verifying the user's input begins. In the image below, the items in red show a canceled signature. This may be due to one of the following reasons:
•The user can press Cancel to consciously cancel the process.
If the signature process is canceled by the user, then output "Rejected" on MpUserSignature is set for a cycle.
•The user entered an incorrect username or password. In this case, a login attempt ("LoginAttempts") is made. This means that if the username or password is entered too often incorrectly, the user will be blocked. The number of login attempts is defined in the MpUser configuration. If all signature attempts failed, the signature process is aborted. The signature process can be started again with the same number of signature attempts. The login attempts are not increased again.
•The user does not have a high enough user level to perform the desired action.
If the signature process fails (see previous item), the procedure can be repeated. If the maximum permissible value of fail attempts is reached, then output "Rejected" on MpUserSignature is set for a cycle.
•In the application, the temporary PV is also reset to the value of the active process variable. In our example, the production speed of 50 products/minute is written to the temporary PV.
The green branch shows step-by-step what a successful electronic signature looks like:
•First, the user confirms that they want to perform the action by selecting the OK button.
•Then, MpUserSignature checks whether the username and password are correct.
•If they are, the next step is to verify that the user has the necessary rights (user level). In our example, the user must have a user level of 100.
•If so, then the electronic signature has been applied successfully. Output "Released" of MpUserSignature is set for a cycle.
•In the application, the active process variable is set to the value of the temporary PV. In our example, the speed value of 100 products/minute – that was entered and electronically signed in the HMI application – is written to the PV used for production.