mapp Services V5.16
This configuration is always necessary whenever user management should be implemented via mapp. The data in this configuration applies to the entire machine. For this reason, only one of these configurations is permitted to be added per machine (or per machine configuration in the Configuration View in Automation Studio). All user groups and users created via this configuration are valid at any login point (panel where someone can log in with username and password). The MpLink of this configuration is not used for any MpUser functions or function blocks.
The configuration can be adapted at runtime via function block MpUserConfig.
The passwords in this configuration can be encrypted. For additional information, see section "Password encryption in the configuration" under General conditions.
•Show advanced parameter
Name |
|||||||||
General Settings |
|||||||||
Password change interval |
|||||||||
User expiration time |
|||||||||
Admin unlock time |
|||||||||
Password change required |
|||||||||
Password case |
|||||||||
Password alphanumeric |
|||||||||
Password length |
|||||||||
Password special characters |
|||||||||
Username length |
|||||||||
Password History Size |
|||||||||
No delete |
|||||||||
Login attempts |
|||||||||
Signature attempts |
|||||||||
Edit users with same user-level |
|||||||||
User Import Mode |
|||||||||
Group Import Mode |
|||||||||
Unchecked Import |
|||||||||
User groups |
|||||||||
User Group: {/Name} |
|||||||||
Name |
|||||||||
Level |
|||||||||
Administrator |
|||||||||
Rights |
|||||||||
Access right 1-20 |
|||||||||
Users |
|||||||||
User: {/UserName} |
|||||||||
UserName |
|||||||||
GroupName |
|||||||||
FullName |
|||||||||
Password |
|||||||||
Preferences |
|||||||||
Additional Data |
|||||||||
Data: {/Key} |
|||||||||
Key |
|||||||||
Value |
|||||||||
id_Mgr_PasswordChangeReq
If an administrator changes a user's password, then the user must again change the password at the next login. The user will not have any access rights until the password is changed. To enable this behavior, set this parameter to TRUE.
id_Mgr_PasswordHistory
This parameter specifies how many passwords are saved and no longer permitted to be used for each user. The permissible range of values is 0 to 5. 0 disables this function entirely.
General settings
General settings can be defined in the first section of the configuration.
All password parameters apply only to new users created via the HMI application using MpUserManagerUI. These rules do not apply to users created using the configuration system in Automation Studio or MpUserCreateUser.
•Password change interval: Interval in which the password must be changed
•User expiration time: Expiration time for the validity of the user account
•Admin unlock time: When the specified time expires, a locked administrator becomes unlocked. (Unit: [sec]) If 0 is specified, the administrator is not automatically unlocked. The unlock function is not available with 0.
•Password change required: Requires password change on first login. If an administrator changes a user's password, then the user must change the password again at the next login. The user will not have any access rights until the password is changed. To enable this behavior, this parameter must be set to TRUE.
•Password case: Requires password to have both upper- and lowercase letters
•Password alphanumeric: Requires password to have alphanumeric characters
•Password length: Minimum password length. At least one character must be specified. It is not permitted to have a password length of 0.
•Password special characters: Defines whether a password must contain special characters
•Username length: Minimal length for entering a new username
•Password history size: Specifies how many previous passwords cannot be reused. A value between 0 and 5 can be entered. Specifying 0 disables the function entirely. If 2 is specified, for example, the new password is not permitted to match any of the last 2 passwords.
•No delete: Deletion of users not allowed
•Login attempts: Maximum number of failed login attempts until the user is blocked. If 0 is entered, the user will never be locked. User groups with administrator rights are locked for up to an hour. They are unlocked after a warm restart of the machine.
•Signature attempts: Maximum number of possible failed signature attempts until the signature process is aborted. The login attempts ("LoginAttempts") and the signature attempts are related to one another. Any incorrect user input during a signature attempt will also result in a login attempt. If there are 2 signature attempts and 1 login attempt, the user will be locked after one failed signature attempt, i.e. entering an incorrect password/username. If the signature is aborted, the login attempt is retained. For more information, see here.
•Edit users with same user-level: Defines whether an admin user is permitted to edit the same user level
•User import mode: Mode for group import. For additional information, see "Import modes".
•Group import mode: Mode for group import For additional information, see "Import modes".
•Unchecked import: Ignores the checksum in the import file. For additional information, see "Import modes".
User groups
User groups can be defined in section "User groups". A unique name must be assigned for each user group with "Name". "Level" defines which user level the group should have. "Administrator" can define whether the user group should be an administrator. The rights for the group are defined with "Rights". For more information, see Access rights, levels and functions.
Users
Individual users can be created in section "User". A unique name must be assigned for each user with "UserName". "GroupName" defines which user group the user is assigned to. The full name of the user can be specified with "FullName". "Password" defines the password for the user. "Preferences" defines which language and unit are preferred by the user.
Additional information for the user can be stored under "Additional data". This can include a telephone number (telNr) and email address (eMail), for example.
Import modes
User data can be imported and exported using MpUserManagerUI.
How data should be imported can be defined in the configuration under sections User import mode and Group import mode. There are 6 different modes:
•Skip (do not import): No data is imported.
•Ignore existing items: All new data (users / user groups) is imported. Already existing data is not overwritten.
•Overwrite existing items: All data is imported. Any existing data is overwritten. Default users that were created in the MpUser configuration are also overwritten and therefore no longer available as default users in the configuration.
•Ignore default items: All user data is imported. Default users that were already created using the Automation Studio configuration are not overwritten.
•Overwrite items only: All existing data is overwritten. New data is not imported. Default users that were created in the MpUser configuration are also overwritten and therefore no longer available as default users in the configuration.
•Remove existing items: All data is imported. Any existing data that is not in the imported file is deleted.
If a file is imported that overwrites existing users/groups, this operation can be made to require confirmation. Confirmation takes place in a dialog box. How many conflicting files there are is also displayed. It is also possible to confirm the overwrite procedure for all files.
This option is enabled in structure MpUserMgrUISetupType using parameters "ConfirmOverwriteUser" and "ConfirmOverwriteGroup".
