Security on the NJ501
Warning: before you do any changes to the security settings of your program or NJ501, first create a backup via the export function. And store all the passwords you set in a safe place. Programs or controllers that are locked through passwords can not be unlocked without the correct password. |
The NJ501 machine controller has several security features. They are:
- Access control
- Check of controller name and optional serial ID before performing online operations
- Protection of intellectual property
- Matching programs to controllers by an Execution ID
Access Control
The access control restricts online operations to prevent damage to equipment or injuries made by operating mistakes. Some examples are:
- I/O Monitor: Writing, forced refreshing, etc.
- Controller operations: Changing the operating mode, online editing, MC Test Run, etc.
To have access control it must be set up in Sysmac Studio first. In the Controller menu select Security − Setting of Operation Authority. Here you can enable the access control.
There are two user levels.
- Administrator, is allowed to do all operations
- Maintainer, is only allowed to do a limited number of operations, mainly monitoring.
For more information on access control levels refer to manual W504-E1-1 Sysmac Studio Version 1 Operation Manual.
The access control (Operation Authority) must be enabled and an inactivity timer (Lock timer) can be set. A good value to set the timer to is 10 minutes.
Download the settings to the controller and now the controller can only be accessed by logging in as Administrator or Maintainer.
To prevented the program being overwritten enable the Write protection at startup. This is done in the Controller Setup in the Configuration and Setup tab. If enabled the controller can not be overwritten by an unauthorized person. The write protection can be disabled temporarily by selection when Online in the Controller menu the Security - Write Protect Setting Switch. In this way write protection is turned on or off. But when having the Write protection at startup enabled the controller is always write-protected when restarted.
Check of controller name and optional serial ID before performing online operations
When connecting directly to the NJ501 via USB it is obvious to which controller Sysmac Studio in connected to. But connecting to an Ethernet network with multiple controllers is not so clear. First of all the controllers are uniquely identified by IP-address. However IP-addresses can change. Therefore the NJ501 has the feature that the name of the controller in the Sysmac Studio project must be equal to that stored in the controller. If the names do not match a warning screen pops up. A selection can be made to ignore the name difference and still go online, but that is then the responsibility of the user.
To set the name of the controller in the project select the correct controller in the Multiview Explorer and right-click the controller icon to the right of the controller's name. Default the name of the controller is new_NJ501_*. Naturally the controller should be given aname that explains its function. Next the name needs to be put in the controller. Go online to the controller and select from the menu bar Controller - Update CPU Unit Name ... The name of the controller in the project will be transferred to the controller Sysmac Studio is connected to. During setting of the Unit name the Serial ID is transferred from the controller to the project.
As well as ensuring the names match, also the Serial ID of the controller can be set to be compared. In this way it is assured that the online functions are performed on the correct controller. The Serial ID must first be retrieved from the controller before this option can be enabled. This is done when the name is set in the controller. By default the Serial ID is checked when going online. This can be changed in the Options of the Controller - Communication Setup.
Protection of intellectual property
When downloading a project into a NJ501 controller, by default the source code of the project is downloaded together with the executable program. This allows engineers onsite to upload and edit the project, seeing all the source code and comments even if they don't have the correct version of the project file with them. However youmay want to prevent theft of the project by uploading the project file from the controller by an unauthorized person.
To download only the executable program select the option Do not transfer the program source in the Synchronization screen.
Matching programs to controllers by a Execution ID
To be sure that a program is only executed on a specific controller the program can have a Execution ID set. The same Execution ID must be set in the controller. If there is no match between the IDs stored in both the program and the controller then the controller will not execute the program. The Execution ID can only be set once to a program.
Set the Execution ID via menu Controller - Security - ID for User Program Execution... If Online the Execution ID is set directly in the program and controller or if offline just in the project.
The Execution ID in the project can not be reset so make sure to have a backup of the project created via the export function. The Execution ID in the controller can be reset by performing the Clear All Memory function.
For more information on Security please refer to chapter 9.4 of manual W501-E1-1 NJ-series CPU Unit Software User's Manual
Warning: before you do any changes to the security settings of your program or NJ501, first create a backup via the export function. And store all the passwords you set in a safe place. Programs or controllers that are locked through passwords can not be unlocked without the correct password. |