Académique Documents
Professionnel Documents
Culture Documents
Chapter 3 of the document PROCES-UM003B covers how to create an Architect HMI project starting with
the Rockwell Automation® Library of Process Objects template and the sample HMI framework template.
The Library of Process Objects template “Process Library v4.0 FactoryTalk View SE” (faceplates, Global
Objects, Images and macros), and the sample HMI Framework template “P2fTemplate” (includes
framework displays for headers, button bars, alarming, overview display) can be downloaded as a zip file
from the Product Compatibility and Download Center (PCDC).
After downloading the two templates, the document UM003 describes how to import the templates into
a new Architect project, customize the template frame work displays, and configure the HMI security
privileges.
Chapter 3 of UM003 shows how to first drag-and-drop the framework template into the Architect project
and then how to drag-and-drop individual library objects that are needed for project specific process
strategies (repeating the import for each object as needed). The complete library can also be easily
imported into the project with a single drag-and-drop of the FactoryTalk View SE folder from the Library
Management pane into the PlantPAx_HMI project folder.
Chapter 3 of UM003 next explores basic features of the template framework displays for navigation,
alarming and system status and how to customize them in FactoryTalk View Studio SE software.
Using a sample Studio 5000® Logic Designer application (acd file) consisting of two sub areas, Area01 and
Area02, the UM003 document shows how to how to configure the alarm displays and banners for the
different sub areas in the controller code. Next it demonstrates how modify the overview display by
adding simple pump and analog display objects and configuring them to the different process areas
(Area01, Area02). The next section covers how to configure the new multi-monitor client feature of
Studio for the different sub areas.
Lastly, chapter 3 of UM003 describes how to configure basic FTStudio HMI Tag “A to G” security. Version
3.5 (or below) of the Library of Process Objects used the “A to P” security codes in the faceplates to
control access to features and HMI attributes. The section titled “Configure HMI Security” describes how
to assign basic FTStudio HMI security privileges to the plant personnel using this model. Without security
privilege, personnel cannot access faceplates for specific areas of the plant.
In the previous versions of the library (V3.5 and earlier) the faceplates used all the security codes “A to
P”. The drawback with using security codes “A to P” in the faceplates was that there were no available
spare codes for customer use to customize their security model. Also, the security codes had to be
assigned per user but starting with the Library of Process Objects v4.0 library release each objects (and
faceplate) has a configurable “Area Name for Security” value, which can be used to assign the object (or
faceplate) to a specific process area of the facility. This frees up most of the “H to P” codes for customer
assignable security and makes assigning users to groups much easier. With V4.0, the user groups are
assigned the “roles” (the appropriate security codes) using new “Security Tags” and the users are simply
assigned to groups. The new “Security Tags” can be simply imported into the v4.0 application from a
library supplied import file.
The Library of Process Objects v3.5 used the following user groups. Each group used various security
codes (A to P):
For the new V4.0 Area-based Security feature (runtime security) the new Library of Process Objects v4.0
recommends the same seven User Groups per HMI but each group is only assigned a single security code:
Document UM003 explains how to configuring an object area tag parameter (Cfg_Area) manually using
Studio 5000® Logic Designer to modify the tags in the controller application file (acd file). A section
describes how to configure manually a group of area strings that are inside the desired Add-On
Instruction(s) using the HMI Tag Update tool.
New Configurable Faceplate Area
Note : Document UM003 does not cover the “Library of Process Objects v4.0” new Area Based Security
feature.
Each library faceplate and object has a configurable “Area Name for Security” value, which can be used
to assign the faceplate to an area of the facility. Only users with the privileges for the assigned area can
modify the HMI application. For example, an engineer in Area 1 cannot modify faceplate attributes in
Area 2, unless assigned security for Area 2.
The macro “NavToFaceplate with line of site” uses the command “If CurrentComputerHasGroup( )
Then…” to check the location of the login.
Creating the User Groups
In this section we will create the user groups as recommended by the v4.0 Library release.
Double-Click on Runtime Security. Then click on the Security Accounts button on the Runtime Security
window.
Click to Add button to open the window to add the new user groups.
Click on Create New.
Repeat the above steps to add the following five (5) user groups:
Scroll and select the User “HMI_Operators”. Expand the FactoryTalk View Security Codes. Click the box
to allow the security code A and click OK.
Repeat the above steps to assign the security codes to the following six (6) user groups:
.
• HMI_Operating Supervisor (Only Code B)
• HMI_Maintenance (Only Code C)
• HMI_Maintenance Supervisor (Only Code D)
• HMI_Engineering (Only Code E)
• HMI_Manager (Only Code F)
• HMI_Admin (Only Code G)
After importing the HMI tags, double-click on the HMI tags and verify that the two HMI Tag folders exist:
Const and Security.
For reference: Using the A-P codes assigned to the HMI user groups, you can determine which groups
have permission for each security task. Simply add or remove that group’s security code in the Initial
Value field of the corresponding HMI tag. By importing the tags all of the v4.0 recommended
assignments have been configured.
Note that for each object instance in your PLC code, you will assign an area in Cfg_Area. This area should
correspond to the Area groups that were created in your FactoryTalk User Groups. This tag, along with
the Line of Site macros that we imported earlier, will be compared to the “{cfg_Area}_Advanced” and
“{cfg_Area}_Basic” user groups to grant or deny permissions on the faceplates for these objects.
Library v4.0 added one new controller tag per Object (Cfg_Area):
FactoryTalk Security Areas
Example of an application with two process areas without a Domain Controller:
And …
Example of the two area configuration without a Domain Controller. Note the groups for the two areas:
Area01_Advanced, Area01_Basic, and Area02_Advanced, Area02_Basic.
Domain Controller Area (example)
Example of an application with two process areas with a Domain Controller. The Domain in this example
is named “System”. Each Cfg_Area parameter now includes the Domain name (“System” in this example).
And …
Example of the two area configuration without a Domain Controller. Note the groups for the two areas:
System\Area01_Advanced, System\Area01_Basic, and System\Area02_Advanced, System\Area02_Basic.
Example of Area-based Security Domain Controller Setup:
Defining Users, Areas, and Roles.
Example of Domain Controller Setup:
Assignment of Members to Users, Areas, Roles
For more information on setting up domain controllers see the Library of Process Objects 4.0 release
document “Process-um001b.pdf”. Reference the document for creating Domain Groups and Users, and
for setting up the FactoryTalk Users and Groups defining the HMI Security.
Right-click on Users and select New and FactoryTalk Users … from the dropdown windows.
Enter Oper_User as the user name then click on the Group Membership tab.
Click on Add.
Select the group named HMI_Operators and click OK.
Click OK again.
Add The Remaining Users
Add remaining users and associate them with the appropriate group(s) ….
Repeat adding the following users and assigning them as members of the groups shown below:
To add another area (Area02), simply add the two new groups named “area02_Advanced” and
“area02_Basic”. These two groups will be used to define which Area02 Users have access to the basic
functions on the faceplate or the advanced functions (engineering, maintenance …).
Assigning Users to the Groups
With mutiple process areas defined (example Area01, Area02), note that each user needs to be assigned
not only to the HMI_{group} (example HMI_Operator) but also the “area” group. Operators will be
assigned to the HMI_Operator group and then also to the Area01_Basic group. This limits operator access
to only the faceplate operator controls.
With mutiple process areas defined (example Area01, Area02), Engineers will be assigned to the
HMI_Engineering group and then also to the Area01_Advanced group. This allows the engineer access to
also the advanced engineering features on the faceplates.