ID: QA39210 | Access Levels: TechConnect

PlantPAx Process Library 4.x & 5.x security

setup for FactoryTalk View SE & ME

Document ID QA39210

Published Date 01/19/2024

Summary
PlantPAx Process Library 4.x & 5.x security setup for FactoryTalk View SE & ME

Question
• How do I setup a FactoryTalk View User to access all functions with PlantPAx Process
Library 4.x & 5.x faceplates?
• How do I import PlantPAx Process Library graphics into a FactoryTalk View Machine
Edition project?
• Why is my PlantPAx Graphics in SE client grayed out and I am unable to edit?
• How to change PIDE instruction mode from auto to manual mode and how to assign
a separate privilege for this function?

Environment
• FactoryTalk View Site Edi�on Version 11, 12, 13 & 14
• PlantPAx Version 4.x & 5.x

Answer
New with version 4.x & 5.x Process Library is the Area name for Security. Each faceplate
could have a unique name for access just to that faceplate(s). We will give this Area name
for Security a name: Area01. The name is case independent (Area01 or area01). This
name could be changed, but out of box the default is Area01 for all faceplates. Note that
this is security for PlantPAx faceplates only. An important thing to keep in mind is that if
you are using FactoryTalk View Machine Edition the maximum version of PlantPAx
Process Cookie
Libraryblocking
allowedisiscurrently
4.10.x enabled
To receive the best experience please enable functional cookies in the Configuración de
Example showing the Area name for security under a P_Motor
cookies.
faceplate:

To setup security, create a Account ID for a FactoryTalk View user. (Not the same name as
Windows user by default) This example will use Mark as the log in user. Mark will need to
be part of the Groups described below.

With the Process Objects Library v4.x, & v5.x there are two groups that will allow certain
privileges to the faceplates.
• Area01_Basic
• Area01_Advanced

These users should not be part of the Runtime security. They will only appear in the Users
Cookie blocking is currently enabled
and Groups. The AOI's local tag used to store the area name is .CfgArea. It is a string UDT
To receive the best experience please enable functional cookies in the Configuración de
of type STRING_Area. It is only 8 characters long. If you decide to use a domain group, the
cookies.
name will typically exceed 8 characters. For Example: DomainName\Area01. If this is
mandatory, increase the length of the string in the STRING_Area UDT.

To use any faceplate the user needs to be part of the Area01_Basic group. Also, to access
the Advanced Tabs in the faceplates they will need to be part of the Area01_Advanced
group. Our faceplates in this example are using the Area name for Security name
as:"Area01" This could be different for different area names (x_Basic and x_Advanced). If
the name is changed, then these new name_Basic and name_Advanced groups would
also need to be added to the Users and Groups. Create the following Groups:

In the Process Library for FactoryTalk View SE v4.x &v5.x, and ME v4.x both require the
user to import HMI tags. These are used to define the security privilege codes, among
other things. These tags must be imported using the Tag Import and Export Wizard,
found in Studio under the Tools menu.

For SE:
The CSV file are located in Files:
Process Library v4.0.x
..\Process Objects\Graphics\FTView SE\FTViewSE_ProcessLibrary_Tags_4_0_00.csv
Process Library v4.10.x
..\Process Objects\Graphics\FTView SE\FTViewSE_ProcessLibrary_Tags_4_10_00.csv
Process Library v5.00.x
..\Process Library\HMI - FactoryTalk View
SE\FTViewSE_ProcessLibrary_Tags_5_00_0x.csv
Cookie blocking is currently enabled
Process Library v5.10.x
To receive the best experience please enable functional cookies in the Configuración de
..\Process Library\HMI - FactoryTalk View SE\FTViewSE_ProcessLibrary_Tags.csv
cookies.
Use the Tag Import and Export Wizard to import the HMI Tags into the FactoryTalk View
Studio project.

For ME:
The CSV file are located in Files:
Process Library v4.0.x
..\Process Objects\Graphics\FTView SE\FTViewME_ProcessLibrary_Tags_4_0_0x.csv
Process Library v4.10.x
..\Process Objects\Graphics\FTView SE\FTViewSE_ProcessLibrary_Tags_4_10_00.csv
..\Process Objects\Graphics\FTView ME\FTViewME_ProcessLibrary_Tags_4_10_00.csv
Use the Tag Import and Export Wizard to import the HMI Tags into the FactoryTalk View
Studio project. No support for Process Library 5.x for FTView ME at this time.

In addition to the Area01_Basic and Area01_Advanced groups, the user should be

granted some security codes from A-G from being a part of User Groups. When creating
users for a PlantPAx project, make sure to remove or uncheck Allow under permissions for
the user and let the Group membership give them privileges A-G. In this example Mark will
not have any permissions except for the privileges given by the Group membership.

Rockwell Automation recommends adding individual users to User Groups with assigned
single security codes as shown below in Runtime Security. Create the following Groups
and assign letter codes to each group as shown below:
�. HMI_Operators (Only Code A)
�. HMI_Operating Supervisor (Only Code B)
�. HMI_Maintenance (Only Code C)
�. HMI_Maintenance Supervisor (Only Code D)
�. HMI_Engineering (Only Code E)
�. HMI_Manager (Only Code F)
�. HMI_Admin (Only Code G) Note Code G will only allow user to view project.

Assigning only Code E Allow to HMI_Engineering group:

Cookie blocking is currently enabled

To receive the best experience please enable functional cookies in the Configuración de
cookies.
Note: When configuring security in a FactoryTalk View ME application, do not assign a
user to more than one group.

The single code letter privileges are given the following table:

Security
FactoryTalk View Tag Description
Codes
Security\AlarmAck Acknowledge/Reset Alarms ABCDEF
Security\AlarmConfig Alarm Configuration E
Security\AlarmDisable Disable Alarms BCDEF
Security\AlarmShelve Shelve Alarms ABCDEF
Security\BypassFeedback Can Bypass Feedback CDE
Bypass Permissives and
Security\BypassInterlocks BCDEF
Interlocks
Acquire/Release Equipment
Security\CmdSrcMaint CDE
Maintenance Command Source
Cookie blocking is currently enabled and Release
Acquire/Lock
Security\CmdSrcOperProg Equipment
To receive the best experience pleaseOperator
enable Command BCDEF
functional cookies in the Configuración de
Source
cookies.
Security\CmdSrcOutOfService Can put device in/out of service CDE
 Security\ConfigSecurity Change Security for the device E
Change the setup of the device
Security\DeviceConfigBehavior E
(Advanced)
Security\DeviceConfigDiagnostics Configure device diagnostics CDE
Security\DeviceConfigFailTimers Modify Alarm Delay Times DE
Change the configuration of the
Security\DeviceConfigHMI E
HMI interface for the device
Security\DeviceConfigLimits Configure device limits DE
Security\DeviceConfigThresholds Modify Limits and Deadbands BCDEF
Security\DeviceConfigTimers Configure device timers DE
Change Tuning; Inflights; and
Security\DeviceConfigTuning DE
Preacts
Security\EnableSimulation Put Device in Simulation E
Enter Setpoints and Control
Security\EnterOperSettings ABCDEF
Variables
Command Equipment in
Security\OperateEquipment ABCDEF
Operator Command Source
Security\OverrideInputs Override Inputs CDE
Security\OverrideOutputs Override Outputs CDE
Exception Processing (Step
Change; Parameter
Security\ProcedureAdvancedExceptions BCDEF
Change;Acquire; Reorder;
Activate)
Override Downloaded Phase
Security\ProcedureChangeParameters BCDEF
Parameters
Security\ProcedureChangeSetpoints Override Downloaded Setpoints BCDEF
Select; run; hold; and restart
Security\ProcedureControl Procedures; Sequences; and ABCDEF
Batches
Manual Supervisory EP/EM
Security\ProcedureEquipmentControl BCDEF
Control
Exception Processing (Resume;
Security\ProcedureExceptions manual; Auto; Semi-Auto; Pause; ABCDEF
Disconnect; Release)
Security\ProcedureForceSequence Force Steps/States BCDEF
Manual Procedure; Sequence;
Security\ProcedureManualControl and Batch Processing (Stop; ABCDEF
Abort; Reset)
Security\ResetAccumulators Reset Run Time Accumulators CDE
Security\RespondToPrompts Respond to Prompts ABCDEF
Security\ShowFaceplate Navigate to full faceplate CDE

Adding: Area01_Advanced, Area01_Basic and HMI_Engineering (Security Code E in

the table) group to Group Membership for user Mark would give him access to all
PlantPAx faceplates and configurations for those faceplates as shown below:

Cookie blocking is currently enabled

To receive the best experience please enable functional cookies in the Configuración de
cookies.
Verify in the Client file that this user is logged in.

Note: If users are still able to take actions beyond the ones granted by the permissions
above, check to see if the Default user or All Users are still present. If they have been
given all privileges, these will also be inherited by any other users.

Note: Ramp / Soak (RMPS) faceplate will need to enable security by adding the following
to the Global Object Parameter Values: (Line 6, #106)

Cookie blocking is currently enabled

To receive the best experience please enable functional cookies in the Configuración de
cookies.
For the Area Security Tag, you should be able to point to any Tag (HMI Tag or controller tag)
that contains the appropriate string. The factory default is Area01 (DefaultArea). You may
wish to create an HMI tag or folder of tags for this purpose.

This will apply to the faceplates for all "built-in" (firmware) instructions like (#105):

PIDE (not P_PIDE)

RMPS
TOT
IMC
CC
MCC
P_Alarm

DISCLAIMER
This knowledge base web site is intended to provide general technical information on a particular subject
or subjects and is not an exhaustive treatment of such subjects. Accordingly, the information in this web
site is not intended to constitute application, design, software or other professional engineering advice or
Cookie
services. Before blocking
making any is currently
decision enabled
or taking any action, which might affect your equipment, you should
To receive
consult a qualified advisor. please enable functional cookies in the Configuración de
the best experience
professional
cookies.
ROCKWELL AUTOMATION DOES NOT WARRANT THE COMPLETENESS, TIMELINESS OR
ACCURACY OF ANY OF THE DATA CONTAINED IN THIS WEB SITE AND MAY MAKE CHANGES
THERETO AT ANY TIME IN ITS SOLE DISCRETION WITHOUT NOTICE. FURTHER, ALL
INFORMATION CONVEYED HEREBY IS PROVIDED TO USERS "AS IS." IN NO EVENT SHALL
ROCKWELL BE LIABLE FOR ANY DAMAGES OF ANY KIND INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS PROFIT OR DAMAGE, EVEN IF ROCKWELL AUTOMATION
HAVE BEEN ADVISED ON THE POSSIBILITY OF SUCH DAMAGES.

ROCKWELL AUTOMATION DISCLAIMS ALL WARRANTIES WHETHER EXPRESSED OR IMPLIED IN

RESPECT OF THE INFORMATION (INCLUDING SOFTWARE) PROVIDED HEREBY, INCLUDING THE
IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, AND
NON-INFRINGEMENT. Note that certain jurisdictions do not countenance the exclusion of implied
warranties; thus, this disclaimer may not apply to you.

Cookie blocking is currently enabled

To receive the best experience please enable functional cookies in the Configuración de
cookies.