PLCnext roles and rights list

User roles and their assigned access permissions in the various applications

The following overview shows the user roles implemented in the firmware. Some user roles have been introduced only with recent firmware updates.

Note: Additional roles may be necessary, e.g. for use with the Device and Update Management.
Applications and services
Application or
service		 Access permission for: User role
Admin SecurityAdmin SecurityAuditor CertificateManager UserManager Engineer Commissioner Service DataViewer DataChanger Viewer FileReader FileWriter EHmiLevel1 .. 10 EHmiViewer EHmiChanger SoftwareUpdate SafetyEngineer SafetyUpdater
SD card,
parameterization memory		 SFTP access to the file system with an SFTP client
Note: noteAuthentication with a user name and password is always required for SFTP access, even if user authentication is disabled. 		                                   
Shell SSH access to the shell
Note: noteAuthentication with a user name and password is always required for SSH access, even if user authentication is disabled. 		                                   
PLCnext Engineer View values in the cockpit (e.g., utilization)                      
Transfer a project to the controller                                
Start (cold/warm restart) or stop the controller                              
Restart the controller (reboot)                                    
Reset the controller to default setting type 1                                    
View online variable values                        
Overwrite variables                                
Set and delete breakpoints                                
Download safety-related programs to the controller        
Note: noteAs of firmware 2023.0 LTS, safety permissions for the Engineer user role are always enabled. 		                     
Note: noteDo not use this user role alone. This role is designed for use as an add-on to other user roles, e.g. Engineer. See detailed description. 		 
Start or stop safety-related programs        
Note: noteAs of firmware 2023.0 LTS, safety permissions for the Engineer user role are always enabled. 		                     
Note: noteDo not use this user role alone. This role is designed for use as an add-on to other user roles, e.g. Engineer. See detailed description. 		 
Debug safety-related programs         
Note: noteAs of firmware 2023.0 LTS, safety permissions for the Engineer user role are always enabled. 		                     
Note: noteDo not use this user role alone. This role is designed for use as an add-on to other user roles, e.g. Engineer. See detailed description. 		 
By means of dedicated tools Update safety-related firmware on the controller                                  
PLCnext Engineer
HMI application		 View online variable values                              
Overwrite variables                                  
OPC UA access by means of a client application View online variable values                        
Overwrite variables                              
Read files                    
Note: noteOPC UA file transfer must be enabled via PLCnext Engineer. 		             
Write files                      
Note: noteOPC UA file transfer must be enabled via PLCnext Engineer. 		           
Update firmware on the controller                                  
Device and Update Management (DaUM) Update firmware, software and projects                                    
Web-based Management (WBM)
Note: Visibility of WBM pages depends on the device and firmware release in use. In addition, some WBM pages could have been deactivated by settings in the System Services.
WBM pages Access permission for: User role
Admin SecurityAdmin SecurityAuditor CertificateManager UserManager Engineer Commissioner Service DataViewer DataChanger Viewer FileReader FileWriter EHmiLevel1..10 EHmiViewer EHmiChanger SoftwareUpdate SafetyEngineer SafetyUpdater
Information or Overview section General Data                
Network configuration                    
Cockpit
Note: notechange user password only
Note: notechange user password only
Note: noteno reboot or reset possible
Note: noteno reboot or reset possible
Note: noteno reboot or reset possible
Note: notechange user password only
Note: notechange user password only
Note: notechange user password only 		               
Diagnostics section PROFINET                
Local Bus                
Notifications                
Integrated UPS                
Configuration section Network -
LAN Interfaces tab
read-
only 		   
read-
only
read-
only
read-only 		                     
Netload Limiter tab
read-
only 		   
read, reset
read, reset 		                     
Date and Time
read-
only
read-
only
read-
only
read-
only
read-
only
read-
only
read-
only
read-
only
read-
only
read-
only
read-
only
read-
only
read-
only
read-
only
read-
only
read-
only
read-
only
System Services                                  
PLCnext Store                                  
Proficloud 
(legacy platform)		                                    
Proficloud Services
(V3 platform)		                                  
SPLC                              
Fan Control                                  
Web Services                                  
Security section Security Profile                                  
User Authentication                                
LDAP configuration                                
Firewall                                  
SD Card                                  
Certificate Authentication                                
Syslog Configuration                                  
Administration section Firmware Update                                  
PLCnext Apps                                
License Management                                  

 

 

 

•  Web browser recommendation: Chrome/Edge 88 or newer, Firefox ESR 90 or neweror Safari  • 
• Published/reviewed: 2023-11-02 • Revision 011 •