Safety Configuration in Workvisual

Safety configuration Page 1 of 19
Contents
Safety configuration
Safety configuration in WorkVisual
The safety configuration in WorkVisual comprises the following areas:
Area Description
The local safety configuration comprises the parameters in the Local safety configuration
Local safety configuration
window. The parameters can be edited.
These include the parameters relevant to safe communication within a robot network.
The safety-relevant communication parameters cannot be displayed or edited directly.
Safety-relevant communication parameters
However, various actions in WorkVisual have an effect on the safety-relevant
communication parameters, e.g. if a RoboTeam is configured.
When a project is transferred to the real robot controller, the entire safety configuration is always transferred at the same time.
Editing the local safety configuration

Description
A newly added robot controller is without a local safety configuration in WorkVisual. A robot controller without a local safety
configuration can be recognized by the fact that the text of the Safety controller node on the Hardware tab in the Project structure
window is grayed out.
The robot controller is automatically assigned a local safety configuration in WorkVisual when the Local safety configuration window is
opened. The robot controller is assigned a local safety configuration during code generation, if none has been assigned already.
The local safety configuration can be edited in WorkVisual. The changes always apply to the robot controller which is currently set as
active.
Precondition
• The robot controller has been set as the active controller.
• A robot has been assigned to the robot controller.
Procedure
1. Double-click on the node Safety controller on the Hardware tab in the Project structure window. The Local safety configuration
window is opened.
2. If a safety option, e.g. SafeOperation, is used:
1. Select the Global parameters area on the General tab.
2. Set the check mark in the Safe monitoring check box there. Only then can the monitoring functions be edited.
3. Edit the parameters of the safety configuration as required.
4. Close the Local safety configuration window.
Parameters of the local safety configuration

The standard parameters are described here. Information about parameters which refer to a particular safety option can
be found in the documentation for the specific safety option.
“General” tab (8.2)

Hardware options
mk:@MSITStore:C:\PROGRA~2\KUKA\WORKVI~1.0\DOCUME~1\KST_WorkVisua... 11/15/2022
Parameter Description
Select here which interface is used:
• ProfiSafe
• SIB
• SIB, Extended SIB
• SIB with operating mode output
Customer interface
• SIB with operating mode output, Extended SIB
This option is available with System Software version 8.2.4 or higher.
The following interfaces are available with the controller variant “KR C4 compact”:
• ProfiSafe
• X11
• Deactivated : The peripheral contactor is not used. (Default)
• By external PLC : The peripheral contactor is switched by an external PLC via input
US2.
• By KRC : The peripheral contactor is switched in accordance with the motion enable. If
motion enable is present, the contactor is energized.
Input signal for peripheral contactor (US2)
Notes:
• For robot controllers with peripheral contactors and the “UL” option, this parameter
must be set to By KRC .
• For robot controllers with no peripheral contactors, this parameter is deactivated
(default setting) and is not displayed.
If the “Operator Safety” signal is lost and set again in Automatic mode, it must be
acknowledged before operation can be continued.
• By acknowledgement button : Acknowledgement is given, for example, by an
Operator safety acknowledgement acknowledgement button (situated outside the cell). Acknowledgement is
communicated to the safety controller. The safety controller re-enables automatic
operation only after acknowledgement.
• External unit : Acknowledgement is given by the system PLC.
Change log
Every modification to the local safety configuration and every saving operation are automatically logged. The log is displayed here.
Machine data
The machine data of the safety controller are displayed here.
It is not necessary to press the Import machine data button. There are currently no applications in which this is necessary.
Communication parameters
The Profinet Safety ID is displayed here. This is required if the robot controller is used as a PROFINET device. The ID can be
changed when ProfiSafe is selected as the customer interface.
“General” tab (8.3)

Hardware options

Customer interface • Automatic
• SIB with operating mode output
• Deactivated : The peripheral contactor is not used. (Default)
• By external PLC : The peripheral contactor is switched by an external PLC via input US2.
• By KRC : The peripheral contactor is switched in accordance with the motion enable. If motion
enable is present, the contactor is energized.
Notes:
Input signal for peripheral • For robot controllers with peripheral contactors and the “UL” option, this parameter must be set to
contactor (US2) By KRC .
• For robot controllers with no peripheral contactors, this parameter is deactivated (default setting)
and is not displayed.
The system variable $US2_VOLTAGE_ON indicates the status of the peripheral voltage US2:
• TRUE: Voltage is switched on.
• FALSE: Voltage is switched off.
If the “Operator Safety” signal is lost and set again in Automatic mode, it must be acknowledged
before operation can be continued.
Operator safety • By acknowledgement button : Acknowledgement is given, for example, by an acknowledgement
acknowledgement button (situated outside the cell). Acknowledgement is communicated to the safety controller. The
safety controller re-enables automatic operation only after acknowledgement.
Change log
Machine data
changed when the PROFINET Device Stack is activated.
“General” tab (8.5 or higher)

Global parameters
• Check box active : Cartesian monitoring is active.
• Check box not active : Cartesian monitoring is deactivated.
Notes :
• Cartesian monitoring is active by default. If Cartesian monitoring is not possible, WorkVisual
Cartesian monitoring indicates this with an error message during code generation.
• If simulated axes are used, the Cartesian monitoring can be deactivated.
• If simulated axes are used and Cartesian monitoring is active, it is not until the test on the robot
controller that it can be ascertained whether the kinematic system can be moved. (It is not
possible to determine this beforehand.) If the kinematic system cannot be moved, a message is
generated on the robot controller, indicating that Cartesian monitoring is not possible.
Danger to life and limb due to missing risk assessment

To operate a kinematic system for which safe Cartesian monitoring is not possible, this monitoring can
be deactivated. Failure to identify risks that may result from the deactivation may result in death or severe injuries.
• Before deactivating the safe Cartesian monitoring, perform a risk assessment.
The Cartesian monitoring: check box refers to all Cartesian safety functions, including safe Cartesian monitoring in T1
mode. The check box is always present, irrespective of whether a safety option is used or not.
There is always a basic, non-safe limitation of the speed in T1 mode to <= 250 mm/s as well as a safe monitoring of the
axis-specific speed. They are not influenced by the setting Cartesian monitoring: .
Hardware options
• Automatic
• SIB with operating mode output or Discrete with operating mode output (only one of these two
Customer interface entries is displayed. Which entry is displayed depends on the controller version.)
Note: While this box is displayed for certain controller variants, it is grayed out and has no effect.
Variants affected: (V)KR C4 compact, (V)KR C4 smallsize, (V)KR C4 smallsize-2.
The box still has no effect for these variants, even if the setting has been modified! This may be the
case, for example, if a different controller variant was previously selected.
Deactivated : The peripheral contactor is not used. (Default)
By external PLC : The peripheral contactor is switched by an external PLC via input “US2”.
By KRC : The peripheral contactor is switched if the following conditions are met:
• No operator safety message is active.
• No E2/E7 message is active. (Only relevant for VSS.)
• Drives are switched on.
• The motion enable signal is present.
Notes:
Input signal for peripheral
• For robot controllers with peripheral contactors and the “UL” option, the setting By KRC must be
contactor (US2)
selected.
• For robot controllers with no peripheral contactors, this box is grayed out and has no effect.
Variants affected: (V)KR C4 compact, KR C5 micro
• $CRIT_PERI_ACK_REQ can influence the behavior of the US2 peripheral contactor.
Peripheral contactor (US2)
The system variable $US2_VOLTAGE_ON indicates the status of the peripheral voltage US2:
• TRUE: voltage is switched on.
• FALSE: voltage is switched off.
If the “Operator Safety” signal is lost and set again in Automatic mode, it must be acknowledged
before operation can be continued.
Operator safety • By acknowledgement button : Acknowledgement is given, for example, by an acknowledgement
acknowledgement button (situated outside the cell). Acknowledgement is communicated to the safety controller. The
safety controller re-enables automatic operation only after acknowledgement.
Change log
Machine data
changed when the PROFINET Device Stack is activated.
Preventing an unexpected start of the peripheral devices
Behavior with/without additional enabling

Default behavior (= without additional enabling)
If there is a peripheral device (e.g. a milling tool) controlled via the PLC in the cell, it is possible for the device to be started up in T1
and T2 mode just by pressing the enabling switch. In such a case, the robot or an external axis cannot yet start up.
It is possible to prevent such an unexpected start-up of the peripheral device by configuring an additional enabling signal.
Danger to life and limb due to missing additional operator action

The start-up of a peripheral device through the simple use of the enabling switch is not permissible if as
a result there is a possibility of the device causing damage to property or injury. According to applicable standards, the device may,
in this case, only start up after an additional operator action.
If no additional operator action is carried out, property damage, injuries or death to persons may result.
• Introduce an additional operator action, e.g. the “additional enabling” described here.
According to applicable standards, there are several options for what the specific additional operator action may look like. With the
“additional enabling” described here, KUKA offers a standard-compliant option.
Behavior with additional enabling

If additional enabling is configured, the behavior is as follows:
• If a peripheral device is present, the robot controller displays the message M_3303 upon pressing the enabling switch:
Acknowledge or press the Start key to enable critical peripheral equipment.
• The peripheral device starts up only once the message has been acknowledged or a start key (“Start forwards” or “Start
backwards”) has been pressed.
While the message is active, the robot can be moved in T1 using the jog keys without the peripheral device starting up.
Configuring additional enabling

Precondition
$machine.dat must be edited for the configuration. This can be done on the robot controller or in WorkVisual.
Precondition if the $machine.dat file is to be edited on the robot controller:
• User rights: function group Critical KRL program changes
Procedure
Make the settings in the $machine.dat file: open the $machine.dat file under KRC:\STEU\Mada.
1.
2. Allocate SIGNAL $CRIT_PERI_ACK_REQ $CRIT_PERI_ACK_REQ either to $IN[1025] or to another input.
• $IN[1025]: the “additional enabling” is permanently active since $IN[1025] is permanently TRUE
• Other input: additional enabling can be set to active or inactive via this input
3. Allocate SIGNAL $CRIT_PERI_ACK $CRIT_PERI_ACK to an output.
This step is only necessary in the following cases: if Input signal for peripheral contactor (US2) = By external PLC is
set on the robot controller.
•
• Or if the PLC switches the peripheral equipment via another mechanism (i.e. without using US2).
$CRIT_PERI_ACK informs the PLC via this output whether there is an enabling signal for starting up the peripheral device.
4. Close the $machine.dat file. Respond to the request for confirmation asking whether the changes should be saved by pressing
Yes .
Configuring the PLC: configure the PLC in such a way that it can correctly evaluate the output of the robot controller to which SIGNAL
$CRIT_PERI_ACK is allocated.
•
RoboTeam
• The configuration of $CRIT_PERI_ACK_REQ must be same for all participants in a RoboTeam.
• And: $CRIT_PERI_ACK_REQ must simultaneously be TRUE for all participants in a RoboTeam.
If $CRIT_PERI_ACK_REQ is TRUE for all participants, the following applies:

• The M_3303 message is simultaneously generated by or removed from all controllers in the RoboTeam.
• If the user acknowledges the M_3303 message on one controller, it is automatically acknowledged for all other participants.
• The signal output $CRIT_PERI_ACK (if used) behaves identically with all participants.
For the different participants, $CRIT_PERI_ACK can be allocated to different outputs.
$CRIT_PERI_ACK
Description
If additional enabling is to be used for starting up peripheral devices, SIGNAL $CRIT_PERI_ACK must be allocated to an output in the
following cases:
• If Input signal for peripheral contactor (US2) = By external PLC is set on the robot controller.
• Or if the PLC switches the peripheral equipment via another mechanism (i.e. without using US2).
Properties:
• SIGNAL $CRIT_PERI_ACK is implemented as a digital output and can be allocated to any $OUT[].
• $CRIT_PERI_ACK informs the PLC via the assigned output whether there is an enabling signal for starting up the peripheral
device.
Default in KRC:\STEU\Mada\$machine.dat:
SIGNAL $CRIT_PERI_ACK FALSE
Example: SIGNAL $CRIT_PERI_ACK has been allocated to $OUT[66]:

SIGNAL $CRIT_PERI_ACK $OUT[66]
Writability
The system variable is write-protected.
Syntax
$CRIT_PERI_ACK == state
Explanation of the syntax
Element Description
• FALSE (= default): There is no enabling signal for starting up the peripheral device.
state
• TRUE: There is an enabling signal.
$CRIT_PERI_ACK_REQ
Description
• $CRIT_PERI_ACK_REQ sets the “additional enabling” function to active or inactive.
• SIGNAL $CRIT_PERI_ACK_REQ is implemented as a digital input and can be allocated to any $IN[].
Default in KRC:\STEU\Mada\$machine.dat: in the default setting, the “additional enabling” function is permanently inactive since $IN
[1026] is permanently FALSE.
SIGNAL $CRIT_PERI_ACK_REQ $IN[1026]
Example: SIGNAL $CRIT_PERI_ACK_REQ has been allocated to $IN[66]: if it is desired that the “additional enabling” is permanently
active, SIGNAL $CRIT_PERI_ACK_REQ must be allocated to $IN[1025].
SIGNAL $CRIT_PERI_ACK_REQ $IN[66]
$IN[1025] is permanently TRUE.
Writability
The system variable is write-protected.
Syntax
$CRIT_PERI_ACK_REQ == state
Explanation of the syntax

Element Description
FALSE (= default)
The “additional enabling” function is inactive. This means that switching the US2 is only possible by
pressing the enabling switch.
Status of $CRIT_PERI_ACK if $CRIT_PERI_ACK_REQ == FALSE:
• T1/T2 : FALSE
• KSS: AUT/AUT EXT : TRUE
VSS: EXT : TRUE
• Unknown operating mode : FALSE
TRUE
state The “additional enabling” function is active.
Status of $CRIT_PERI_ACK if $CRIT_PERI_ACK_REQ == TRUE:
• T1/T2 : If the enabling switch has been pressed and the safety controller gives the motion enable signal,
the M_3303 message is generated. $CRIT_PERI_ACK remains FALSE.
After acknowledging the M_3303 message or pressing “Start”, $CRIT_PERI_ACK goes to TRUE.
If the safety controller gives the motion enable signal, $CRIT_PERI_ACK becomes FALSE again.
Note: This behavior also applies for start-up mode.
• KSS: AUT/AUT EXT : TRUE
VSS: EXT : TRUE
• Unknown operating mode : FALSE
The M_3303 message is only generated in the combination of $CRIT_PERI_ACK_REQ == TRUE with T1 or T2 mode. It is never
generated in any other combinations. If the message is active while switching to another combination, the robot controller removes the
message.
Peri enabled (PE)

If $CRIT_PERI_ACK_REQ == TRUE, the “Peri enabled” (PE) system output goes to TRUE under the following conditions:
• $CRIT_PERI_ACK == TRUE
• And: all further conditions for switching on “Peri enabled” (PE) are met.
Peripheral contactor (US2)

"Input signal for peripheral contactor (US2)" = … Behavior if $CRIT_PERI_ACK_REQ == TRUE
The US2 peripheral contactor is inactive.
In this case, $CRIT_PERI_ACK_REQ and US2 have no effect on one another.
Since $CRIT_PERI_ACK_REQ == TRUE, the M_3303 message is generated if the
Deactivated
preconditions are met.
$CRIT_PERI_ACK can be used by the PLC as a criterion to switch the peripheral
equipment via another mechanism (i.e. without US2).
The US2 peripheral contactor switches to ON if the PLC sets the “US2” input to
TRUE.
By external PLC
$CRIT_PERI_ACK can be used by the PLC as a criterion to switch the US2
peripheral contactor.
The US2 peripheral contactor switches to ON under the following conditions:
By KRC • $CRIT_PERI_ACK == TRUE
• And: all further conditions for switching on the US2 peripheral contactor are met.
“ Axis monitoring ” tab (8.3 or higher)

The safety controller also monitors axes which are configured as couplable or grouped together in coupling groups. To be
able to modify the parameters for these axes, the coupling must be temporarily canceled:
Canceling and restoring the coupling of axes
Only modify the default values if it is necessary to do so. The system integrator must check whether
and to what extent the values need to be modified in each specific application. He must also check
whether the modification makes additional safety measures necessary, e.g. installation of a gate lock.
Following modifications to the Maximum velocity T1 parameter, the new value must be checked. The
new value must also be checked if it is smaller than the previous value.
Checking the limits for the maximum axis velocity in T1 mode
Editable parameters
The following parameters can be set for each axis. It is not generally necessary to change the default values, however.
Duration of the axis-specific braking ramp monitoring for safety stop 1 and safety stop 2
Default: 1,500 ms
Braking time
Braking time parameter (8.3)
Braking time parameter (8.5 onwards)
Maximum velocity in T1
• Rotational axes: 1.00°… 100.00°/s
Maximum velocity T1 Default: 30°/s
• Linear axes: 1.00 … 1,500.00 mm/s
Default: 250 mm/s
This parameter enables a servo gun, for example, to be calibrated in T1 with a higher
velocity than 250 mm/s.
Note: The Cartesian velocities at the flange and at the TCP are monitored independently
of this parameter and cannot exceed 250 mm/s.
Tolerance for standstill monitoring in the case of safe operational stop. The axis may still
move within this tolerance when a safe operational stop is active.
• Rotational axes: 0.001 … 1°
Position tolerance
Default: 0.01°
• Linear axes: 0.003 … 3 mm
Default: 0.1 mm
Canceling and restoring the coupling of axes

Precondition
• The affected project is open.
Procedure
Canceling cupling:
1. Select the menu sequence Editors > Drive configuration .
2. Right-click on the coupling axes or the coupling group and select Disable axis coupling or Remove coupling group from the
context menu. The coupling is canceled. For the coupling axes, this step must be carried out for each axis individually.
Restoring coupling:
1. In the Drive configuration window, right-click on the motors to be coupled.
2. Select Enable axis coupling or Create coupling group in the context menu. The motors are now displayed as coupling axes or a
coupling group again.
Braking time parameter (8.3)

Description
If a safety stop 1 or 2 occurs, the safety controller monitors the braking process. Among other things, it monitors whether the axis-
specific velocity remains below its monitoring ramp. If the velocity is too high, i.e. if the ramp is violated, then the safety controller
triggers a safety stop 0.
The monitoring ramp can be modified using the parameter Braking time .
The parameter Braking time modifies the monitoring ramp. It does not modify the actual time required by the kinematic
system for braking.
Only increase the default time if it is necessary to do so. This might be required, for example, in the
case of very heavy machines and/or very heavy loads, as these cannot stop within the default time.
The safety recovery technician must check whether and to what extent the Braking time value needs to be modified in each specific
application. He must also check whether the modification makes additional safety measures necessary, e.g. installation of a gate
lock.
The monitoring ramp is determined as follows:

• The robot controller deducts 200 ms from the value of the parameter Braking time (accounting for the brake closing time). This is
the duration of monitoring. For example, the default value of 1500 ms results in a monitoring time of 1300 ms.
At the end of this period of time, another monitoring function activates: standstill monitoring.
• The ramp has plateaus of 300 ms at the start and the end.
The plateau at the start is always at 106% of the rated speed of the axis. The plateau at the end is always at 10.6%.
Monitoring ramp
1Velocity profile during braking (example)

2Monitoring ramp (default value Braking time 1500 ms)
3Standstill monitoring activates after this point.
v rsRated speed of the axis (rs)
tTime
The value “0” on the time axis is the moment when safety stop 1 or 2 activates.
Limitations
• Braking time can be configured separately for each axis. At the moment of braking, however, the value used for all axes is always
the highest value entered.
Recommendation: for greater transparency, enter the same value for all axes.
• The parameter Braking time usually has no effect in T1, since it refers to the axis-specific monitoring. In T1, however, there is
another (non-configurable) monitoring function for the Cartesian velocity on the flange. This is generally stricter.
Value increased
If the value Braking time is increased, this has the following effect:
The monitoring ramp becomes longer and flatter, i.e. monitoring is now less strict. There is now a lower probability that a braking
process will violate the ramp.
Example: value is increased
1Velocity profile during braking (example)

2Monitoring (lower Braking time value)
3Monitoring (higher Braking time value)
Value reduced
If the value “ Braking time ” is reduced, this has the following effect:
The monitoring ramp becomes shorter and steeper, i.e. monitoring is now stricter. There is now a higher probability that a braking
Braking time parameter (8.5 onwards)

Description
If a safety stop 1 or 2 occurs, the safety controller monitors the braking process. Among other things, it monitors whether the axis-
specific velocity remains below its monitoring ramp. If the velocity is too high, i.e. if the ramp is violated, then the safety controller
triggers a safety stop 0.
The ramp monitored in T1 mode cannot be changed and applies for the braking process from the configured maximum T1 velocity of
the respective axis down to standstill.
The monitoring ramp valid in the other operating modes can be adapted using the Braking time parameter.
The parameter Braking time modifies the monitoring ramp. It does not modify the actual time required by the kinematic
system for braking.
Only increase the default time if it is necessary to do so. This might be required, for example, in the
case of very heavy machines and/or very heavy loads, as these cannot stop within the default time.
The safety recovery technician or safety maintenance technician must check whether and to what extent the Braking time value
needs to be modified in each specific application. He must also check whether the modification makes additional safety measures
necessary, e.g. installation of a gate lock.
The monitoring ramp (for all modes apart from T1) is determined as follows:
• The ramp starts at 106% of the rated speed of the axis. This value remains constant for the first 300 ms.
• Similarly, a constant value of 10.6% of the rated speed of the axis applies for the last 300 ms of the configured braking time.
• Over the intervening time, the permissible velocity is reduced linearly from 106% to 10.6% of the rated speed of the axis.
• Allowance for the brake closing time for safety stop 1:

200 ms before the configured braking time elapses, the brake is commanded to close (SBC) and the drives enable signal (AF) is
canceled.
• In the event of a safety stop 2, the standstill monitoring is activated after completion of the braking process, or after the configured
braking time at the latest.
Monitoring ramp for safety stop 1
1 Velocity profile during braking (example)

2 Monitoring ramp for braking time T BT
3 Brake closing time T BCT is taken into account within the monitoring ramp
n Percentage of the rated speed of the axis

t (s) Time (in seconds)
T 0 The moment when safety stop 1 or 2 is initiated
T BT Braking time
Default-value Parameter Braking time : 1.5 s
T BCT Brake closing time: 0.2 s
Signals:
FF Motion enable
AF Drives enable
SBC Safe Brake Control
STO Safe Torque Off
Limitations
Braking time can be configured separately for each axis. At the moment of braking, however, the value used for all axes is always the
highest value entered.
Recommendation: for greater transparency, enter the same value for all axes.
Value increased
If the value Braking time is increased, this has the following consequences:
The monitoring ramp becomes longer and flatter, i.e. monitoring is now less strict. It is now less likely that the braking process will
violate the ramp.
Example: Value is increased
Value reduced
If the value “ Braking time ” is reduced, this has the following effect:
The monitoring ramp becomes shorter and steeper, i.e. monitoring is now stricter. There is now a higher probability that a braking

Description
Following modifications to the parameter Maximum velocity T1 , the new value must be checked. The new value must also be
checked if it is smaller than the previous value.
To perform the check, the value is intentionally exceeded using a test program. The safety controller then stops the robot.
Procedure
Checking the limit for rotational axes:
The following procedure must be followed exactly!
1. Create a test program in which the axis velocity is intentionally exceeded (e.g. by moving axis A1 at 25°/s although it is configured
with 20°/s).
1. Calculate the axis velocity $VEL_AXIS[x].
Example calculation of $VEL_AXIS
2. Enter the axis velocity $VEL_AXIS[x] in the test program.
2. Execute the test program in T1 mode.
The safety controller stops the robot.
If the robot is stopped by the safety controller, a message with message number 15 xxx is displayed.
3. If the robot does not stop, or if either no message or a message from a different number range is displayed, this indicates that the
value for Maximum velocity T1 has been incorrectly configured or that values have been programmed in the test program that are
not appropriate for the configured maximum value.
Check the configuration and the test program, correct if necessary and check the limit again.
Checking the limit for linear axes:
The following procedure must be followed exactly!
1. Create a test program in which the axis velocity is intentionally exceeded (e.g. by moving a linear axis at 110 mm/s although it is
configured with 100 mm/s).
2. Execute the test program in T1 mode.
The safety controller stops the robot.
If the robot is stopped by the safety controller, a message with message number 15 xxx is displayed.
3. If the robot does not stop, or if either no message or a message from a different number range is displayed, this indicates that the
value for Maximum velocity T1 has been incorrectly configured or that values have been programmed in the test program that are
not appropriate for the configured maximum value.
Check the configuration and the test program, correct if necessary and check the limit again.
Example calculation of $VEL_AXIS

Calculate the axis velocity $VEL_AXIS[x] as follows:
$VEL_AXIS[x] = (V Test / V max ) * 100 = (25°/s / 360°/s) * 100 = 7
Element Description
x Number of the axis
Desired test velocity (in this example, 25°/s)
V test
Unit: °/s
Maximum axis velocity according to the data sheet of the robot
V max
Unit: °/s
Enter the calculated axis velocity $VEL_AXIS[x] in the test program:

...
PTP {A1 -30}
HALT
$VEL_AXIS[1] = 7
PTP {A1 30}
...
Importing the safety configuration (SCG import)
Danger to life and limb due to unchecked safety configuration

It is possible that the robot could be operated with incorrect data after the project is transferred to the real robot controller. Death,
serious injuries or major damage to property may result.
• After importing a safety configuration or parts thereof, check the safety configuration. One possibility, for example, is to compare
the imported safety configuration with the current safety configuration on the robot controller.
Comparing the safety configuration
Precondition
Procedure
1. Select the menu sequence File > Import / Export . A window opens.
2. Select Import local safety configuration and click on Next .
3. Navigate to the path where the SCG file is located and select it. Click on Open .
4. Click on Finish .
5. If the configuration was imported successfully, this is indicated by a message. Close the window.
Exporting the safety configuration (SCG export)

Description
The local safety configuration can be exported as an SCG file. This file contains all the parameters for the safety configuration.
Exporting is always possible, irrespective of whether a safety option is installed or not.
Only saved values of the safety configuration are exported. Values that have been changed but not saved are not included in the
export.
Precondition
Procedure
2. Select Export local safety configuration and click on Next .
3. Click on Browse… and specify a directory.
4. Specify a file name, select the file type SCG and click on Save .
6. If the configuration was exported successfully, this is indicated by a message. Close the window.
Importing a safety configuration (XML import)

Danger to life and limb due to unchecked safety configuration
It is possible that the robot could be operated with incorrect data after the project is transferred to the
real robot controller. Death, serious injuries or major damage to property may result.
• After importing a safety configuration or parts thereof, check the safety configuration.
Description
Certain parts of the local safety configuration can be imported as an XML file. These are:
• Cell area configuration
• Monitoring spaces (Cartesian spaces and/or axis spaces)
• Properties of the tools
• Global parameters
In order to generate an XML file for importing, the user has the following options:
• Export the current safety configuration of the robot controller to an XML file and edit it. In this way it is possible to ensure that the
format of the XML file is correct for a subsequent import Exporting the safety configuration (XML export) .
• Generate the XML file on the basis of the XML schema C:\Program Files (x86)\KUKA\WorkVisual [ Version number ]
\Schemes\SafetyConfigImport.xsd, e.g. using a script programmed by the user.
The following points must be observed when editing the XML files:
• The XML schema defines the structure of the XML file for the import. For individual parameters, the XML schema allows higher
values than the installed version of the safety option.
• Parameters and values that are not supported by the current safety option are not imported. During the import, WorkVisual
generates a message to this effect.
It is also possible to import safety configurations in the system software. Information about this can be found in the
documentation of the safety options (e.g. SafeOperation).
Precondition
• The safety option SafeOperation or SafeRangeMonitoring is used.
Procedure
1. Save the project. (Do not close.)
3. Select Import local safety configuration and click on Next > .
4. Click on Search… . Navigate to the path where the XML file is located and select it. Click on Open .
5. Click on Next > . In the background, the window Local safety configuration is opened, if not already open.
6. If there are errors: error messages are displayed in the import window. The import cannot be carried out until these errors have
been eliminated. Rectify the errors in the XML file, repeat the XML import and save the safety configuration.
7. If there are no errors: the differences between the existing values and those to be imported are displayed in the Import window
Example: Displaying the differences .
8. Check all values.
If not all of the required safety functions are configured correctly, or if the wrong XML file was selected, cancel the XML import.
• Rectify the error in the XML file and repeat the XML import.
• OR: Select the correct XML file and repeat the XML import.
9. Click on Import . The data are now imported.
10. When the import is finished, this is indicated by the following message: The local safety configuration was imported successfully.
Close the window.
11. Check the safety configuration. The modified values are displayed in blue in the Local safety configuration window.
12. Save the project to accept the imported data.
The imported data are only accepted when the project is saved.
This also means that imported data can be discarded by closing the project without saving.
Parameter comparison view
Example: Displaying the differences
Color Meaning
Blue With this element (or its child elements), the existing value differs from the value to be imported.
Black With this element (including all its child elements), the existing value is identical to the value to be imported.
If the check mark is set in the Show import column , the Import value column is displayed. The values contained in the XML file are
displayed in this column.
Exporting the safety configuration (XML export)

Description
Certain parts of the local safety configuration can be exported as an XML file. These are:
• Cell configuration
• Monitoring spaces (Cartesian spaces and/or axis spaces)
• Properties of the tools
• Global parameters
The XML file always contains all the parameters which are contained in the exported parts of the safety configuration.
Exporting is always possible, irrespective of whether a safety option is installed or not. However, an export only makes sense if a
safety option is installed.
The current safety configuration of the robot controller is exported. If the safety configuration contains unsaved changes, these are
also exported.
If invalid values are entered in the safety configuration, the export is aborted with an error message (plausibility error).
It is also possible to export safety configurations in the system software. Information about this can be found in the
documentation of the safety options (e.g. SafeOperation).
Precondition
Procedure
2. Select Export local safety configuration and click on Next .
3. Click on Browse… and specify a directory.
4. Specify a file name, select the file type XML and click on Save .
6. If the configuration was exported successfully, this is indicated by a message. Close the window.
Comparing the safety configuration

Description
To avoid importing an undesired safety configuration, the current safety configuration on the robot controller can be compared with the
safety configuration in the SCG file.
Procedure
1. Load the active project from the robot controller in WorkVisual.
Loading a project from the robot controller
2. Import the safety configuration (SCG file).
Importing the safety configuration (SCG import)
3. Export parts of the safety configuration (XML file) out of the project.
Exporting the safety configuration (XML export)
4. Close the project. (Do not transfer to the robot controller.)
5. Reload the active project from the robot controller.
6. Import the parts of the safety configuration from step 3 into the project.
Importing a safety configuration (XML import)
7. Compare the parts of the safety configuration with one another.
8. If the parts of the safety configuration are as required, import the safety configuration (SCG file) and transfer it to the robot
controller.
Resetting the safety configuration

Description
This procedure can be used to reset the safety configuration. This may be necessary, for example, if the system software is to be
changed to a version whose safety configuration is not compatible with the current one. In this way, only the safety configuration is
recreated – all other settings in the project are retained.
When the safety configuration is reset, all settings are reset to the default settings and the project is automatically saved. This process
cannot be undone.
Precondition
• The robot controller has not been set as the active controller.
Procedure
1. Right-click on the node Safety controller on the Hardware tab in the Project structure window.
2. Select Reset in the context menu.
3. Answer the request for confirmation with Yes . The safety configuration is reset.

Safety Configuration in Workvisual

Uploaded by

Document Informationclick to expand document information

Copyright:

Available Formats

Safety Configuration in Workvisual

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Safety Configuration in Workvisual

Uploaded by

Copyright:

Available Formats

Safety configuration Page 1 of 19

Editing the local safety configuration

Parameters of the local safety configuration

“General” tab (8.2)

“General” tab (8.3)

Select here which interface is used:

“General” tab (8.5 or higher)

Danger to life and limb due to missing risk assessment

Preventing an unexpected start of the peripheral devices

Behavior with/without additional enabling

Danger to life and limb due to missing additional operator action

Behavior with additional enabling

Configuring additional enabling

3. Allocate SIGNAL $CRIT_PERI_ACK $CRIT_PERI_ACK to an output.

If $CRIT_PERI_ACK_REQ is TRUE for all participants, the following applies:

Example: SIGNAL $CRIT_PERI_ACK has been allocated to $OUT[66]:

Explanation of the syntax

$IN[1025] is permanently TRUE.

Explanation of the syntax

Peri enabled (PE)

Peripheral contactor (US2)

“ Axis monitoring ” tab (8.3 or higher)

Canceling and restoring the coupling of axes

Braking time parameter (8.3)

The monitoring ramp is determined as follows:

1Velocity profile during braking (example)

Example: value is increased

1Velocity profile during braking (example)

Braking time parameter (8.5 onwards)

• Allowance for the brake closing time for safety stop 1:

Monitoring ramp for safety stop 1

1 Velocity profile during braking (example)

n Percentage of the rated speed of the axis

Example: Value is increased

Checking the limits for the maximum axis velocity in T1 mode

The following procedure must be followed exactly!

The following procedure must be followed exactly!

Example calculation of $VEL_AXIS

Enter the calculated axis velocity $VEL_AXIS[x] in the test program:

Importing the safety configuration (SCG import)

Danger to life and limb due to unchecked safety configuration

Exporting the safety configuration (SCG export)

Importing a safety configuration (XML import)

Parameter comparison view

Example: Displaying the differences

Exporting the safety configuration (XML export)

Comparing the safety configuration

Resetting the safety configuration

You might also like