Skip to content

HMI Security, login for no-one or everyone?

fluxmodelfluxmodel
in PLCnext Engineer

Hi,

I am creating an HMI which is mostly customer facing but with a few pages where there are configuration options which makes sense to protect so that only service personnel has access to change those values.

I therefore thought it would be easy to enable HMI User Levels, and set a user level on some of the pages and symbols to protect them.

But to my great surprise, it seems that if ANY hmi security is enabled, every one has to login ?

What is this?

Why force customers to remember and perform a login when they are not using those features?


image.png


Comments

  • Oleksandr GuminskiyOleksandr Guminskiy

    Hi!

    Each time, you page have connected to any plc tag, and User access management is activated, you have to enter auth data.

    And this is a little bit confused.

  • kvanbuskirk01kvanbuskirk01

    Hello,

    Currently this is how the security works in the eHMI as it makes since to enable security for all users if your web-based HMI is allowed to connect to the internet. Currently there are no plans to change this behavior.

    Best Regards

    Kelley

  • fluxmodelfluxmodel
    https://forum.plcnext-community.net/discussion/comment/13017#Comment_13017

    This is quite depressing and deviates a lot from other PLC/HMI products.


    How do you propose to solve the issue of a customer facing HMI where everyone can monitor the process, but only signed in personnel can adjust parameters and settings?

  • Michel BaasMichel Baas

    @fluxmodel

    I completely agree with you, as previously mentioned here:

    https://www.plcnext-community.net/forum/#/discussion/3675

    There has been no response from the PLCnext team on this matter. As explained, it just makes sense and should be straightforward to implement access control on a per-page basis. When "User Authentication" is enabled, all pages should by default require a login — however, as a programmer, you should have the ability to exempt specific HMI pages from this requirement. Often, you don't want to mandate login for every page — just for those where settings can be changed or controls can be manipulated. Not for pages where an operator is merely viewing information.

    Additionally, it's quite disappointing that the PLCnext team doesn't seem to understand or acknowledge this perspective by taking it seriously and implementing this relatively simple and self-explanatory feature. It's a bummer when such straightforward improvements, which could significantly enhance user experience and security, are overlooked.

Sign In or Register to comment.