Hello,
I’m reaching out to discuss the current limitations of access control in PLCnext Engineer, particularly regarding the eHMI interface. As it stands, the security settings for eHMI are binary - either you have the login feature activated for the entire interface, or not at all. This all-or-nothing approach can be restrictive, as there are numerous scenarios where selective access to certain eHMI pages is desirable.
For instance, it would be practical to allow open access to general process monitoring pages that display sensor values and status updates, while restricting configuration settings pages, such as those for alarm thresholds, switching limits, and maintenance timers, behind a login.
Currently, I have the eHMI login disabled and have implemented a workaround: a custom login leading to a few protected pages for settings. However, this is a makeshift solution. A more elegant and efficient approach would be to integrate this functionality directly into PLCnext Engineer. Ideally, there should be an option to specify which pages require a login and which do not, perhaps through a list or settings within the page properties.
I believe this feature would significantly enhance the flexibility and usability of PLCnext Engineer for many users. It would allow for a more nuanced approach to security and accessibility, catering to the diverse needs of different applications.
What are the possibilities of incorporating such a feature in future updates? I would greatly appreciate your insights and any potential plans to address this.
Thank you for considering this request.
Best regards,
Michel
Hello, Michel
As I could understand, this post is next step of your investigation of hmi auth control. https://www.plcnext-community.net/forum/#/discussion/3659/bypassing-login-for-ehmi-access-on-plcnext-seeking-solutions
Actually, popup dialog login appearance is depends of does hmi screen protected completely or just some control items on it.
And embedded user enforcement allow to create flexible restriction solutions with out annoying popup login dialog when unwanted.
Please, find sample attached.
For sample, please create 3 users level-X with different HMI access levels, as shown on pic.
After download project you will see main page, where you can see some control and navigation buttons with control restrictions depends on user logged in or not.
hmi_protect.7z There you will find out page and button control restrictions properties, just as you suspect.
I messed up with this sample, it use just local hmi variable. As soon as you try to use or add plc variable to main screen, it will demand user authentication, regardless any other page settings… So initial login to web-hmi page hardly could be skipped, if user enforcement is activated.
Hey Oleksandr,
Thank you for your effort in trying to address this issue; it’s greatly appreciated. It seems that the current system limitations prevent us from implementing the desired functionality in a straightforward manner. I believe that this is something the PLCnext development team could address to make the process more straightforward and user-friendly. Such a feature appears to be quite standard and not overly complex to implement from their side. I’m sure I’m not the only one who would like to see such an improvement. Hopefully, this will be realized someday. Thanks again for your dedication!