Limiting use/access of RS500

Hello,

Is there a way to limit some of the features of AB RS500 software? Specifically is there a way to allow uploads only- no downloading?

We have a 'crash' cart here at work but it doesn't have the network drive access to the latest offline versions. if someone downloads from this crash cart they will be downloading older versions, versions from whenever the last person too initiative to load the files to a jump drive and upload to the project directory of the cart.

i searched around on here and read the help files in 500 but perhaps i'm not looking in the right spot...thanks in advance.

The simplest method is just to place the controller's keyswitch in hard RUN mode and pull out the key. No edits or downloads can be performed in RUN mode.

RA does have a complex FactoryTalk Security system but it relies on passwords and permissions and network connectivity to a server. A service cart is the opposite pole of the sophistication spectrum.

hanlonmi06 said:

it doesn't have the network drive access to the latest offline versions.

Click to expand...

Sometimes the solution is in identifying the correct problem.

Have you considered setting up a wireless access point for the crash cart so it can always access the network drive? Once you have one set up you'll smack your head on the wall for not having done it sooner - it is immensely convenient.

...until IT refuses to allow that wireless connection...

They claim that it would be too much work to limit the access that PC would have to internet which is something they will not allow on the plant floor.

Somehow they had the old crash card PC locked down to where you could only go online and view the logic, toggle some bits but not download or make edits. they now have full use of 500 for all its benefit and detriment.

I didn't know if there was some file or registry edit that someone creatively invented to gain this feature on that PC alone. I still need to be able to be in my office, on the floor, at home, or across town and be able to get online with the processors...

i'm 5 hours into unraveling the mystery that is nights for one of my production lines because of this.

See.. Your IT group should investigate putting a Plant Floor VLAN in place. Trunk the Wireless AP to that VLAN as well(or add a seperate Wireless AP to begin with). Use ACL to restrict the Plant Floor VLAN to only the local subnets and then block that whole subnet at the Proxy level(You do have a proxy server for the Internet right?)
We use a lot of wireless apps on the Plant Floor, works for us.

The quintessential IT power struggle.

Your plant manager needs to decide if he is in the IT business or in the manufacturing business and deal with the issue accordingly. You might need to point that out to him. There is no reason to hobble the tools you need just because some IT punk thinks something is hard. Quite frankly, in my experience when an IT egghead tells you something is hard what he is really meaning is that he doesn't know how to do it and doesn't want to admit incompetence. Its not hard to secure a wireless access point to specific computers and its not hard to limit those computers from accessing the internet.

It is not my intent to turn this thread into an us verses them rehash of the problems we all have encountered with our IT departments. I was pointing out that sometimes correctly identifying the problem can produce a better solution - and keep the problem from becoming one that you have to solve over and over and over again. And it can help immensely in working with IT if your IT people understand how you identified the root problem.

• Five Whys
  Problem: The machine isn't working correctly
• Why? The wrong program got downloaded
• Why did the wrong program get downloaded? The crash cart computer had the wrong version of the file on it.
• Why did the computer have the wrong version? The crash cart can't access the correct version on the network drive
• Why can't the computer access the network drive? There is no network connection for the crash cart.

Have IT also help you set up permissions to the network drive folders. That way your techs can access the right version of the program, they can go online and monitor without having to upload from the PLC, and they can't save unauthorized changes - thereby preserving your master copies of the program.

I'd say this is split about 50/50 with the requests not including a budget to do so.
Like it or not, but IT is considered nothing but a cost, Often we don't have the budget to do these things.(Full disclosure, I am part of both the Process Automation group and the IT group)

Alaric said:

There is no reason to hobble the tools you need just because some IT punk thinks something is hard. Quite frankly, in my experience when an IT egghead tells you something is hard what he is really meaning is that he doesn't know how to do it and doesn't want to admit incompetence.

Click to expand...

Do you just need a monitor only functionality? No programming changes to ladder code. Do you need to restrict data register changes too? RS Ladder 500 was/is a monitoring ActiveX control. I don't remember how limited it's functionality is. I'm just throwing that out there.

Sounds to me like the the maintenance people just need to follow simple instructions. "DO NOT PERFORM A DOWNLOAD". If they can't listen, do as Ken said, place the PLCs in run mode and lock away the keys. Granted, getting a spare CPU key isn't rocket science.

Even if you get network access to this computer, sure as heck doesn't mean the programs will remain consistent. Still up to the worker to place the new files on the network...I caution to open them directly from the network, I have had problems in that situation where the file becomes corrupt, or you couldn't save it properly.

Do you have the FactoryTalk platform installed on the PC? If so, you can set up users / groups through the administration console and set user rights by right clicking on networks and devices -> security. There are detailed permissions for just about anything you can do with RS500.

We've taken a USB zip drive and required that it be kept up to date with the latest, greatest version both from the developement station and laptops. We keep an excel spreadsheet as a change log right on the stick. This change log has been useful tool in keeping everyone up to date on the changes to programs.

1MoCast said:

We've taken a USB zip drive and required that it be kept up to date with the latest, greatest version both from the developement station and laptops. We keep an excel spreadsheet as a change log right on the stick. This change log has been useful tool in keeping everyone up to date on the changes to programs.

Click to expand...

This is a good method that can be implemented "right now" for the cost of a concensus and a $20 stick. It is imperfect only in that if the stick is lost AND the cart PC croak at the same time which is highly unlikely. This is what I did when faced with the mountainous bureaucracy at a large corp...None of my machines were networked except for a rigged DH+ system in one zone of the plant that was incomplete.

I had five "roll-a-rounds" as we called them, and two laptop + my desktop from which I would work from a network shared drive with for offline development. So, it was more legwork, and there were occasions in which I would not get them all updated. Certain techs had their favorite machines so I knew which ones had to be kept up to date before close of daily business.

Once you get your machines on a LAN though, you will not want to go back to USB drives, so do pursue making arrangements for a Controls LAN with input from IT.

I think there are other not yet mentioned methods to limit downloading SLCs but in my experience, training the technicians is the answer. Make sure they get a primer on RSLinx as it needs to be used in their jobs, and the basic RSWho, go online, upload use file, Save As training.

For the advanced guys, teach them how to use the Compare Utility.

I only had one tech download a bogus program, and all he did wrong was get impatient with a different windows program and fill the keyboard buffer with DEL keystrokes, but the automatic backup system in RSLogix500 and his knowledge of the software made the issue solvable with a phone call to me to help him figure out how to fix it.

I can't count how many times the guys were able to move I/O points to get a machine going, or solve issues with operator setup values without my assistance once they got accustomed to the responsibility, and they always would leave a message or a floppy copy of the saved as file.

You could also use factory talk asset centre. Rockwell now makes a machine edition that is good for 25 devices and that number may be larger now.

Here is a link http://samplecode.rockwellautomation.com/idc/groups/literature/documents/pp/ftalk-pp029_-en-p.pdf

If you can get a wireless link and get the cart networked another way to keep things in sync without a network drive is to use the free version of dropbox http://www.dropbox.com/ which gives you a 2 GB account and map your logix project folders into dropbox on each cart or workstation and they will all stay in sync but it requires that the link have internet access.

Another way to sync without internet access is to use goodsync http://www.goodsync.com/ or allwaysync http://allwaysync.com/ free versions to keep the folders in sync in a automatic fashion without the use of the internet.

I don't think factory talk is on the cart, i'd have to check. We don't use the Factory talk securities so it would be the only place that it would get set up which i suppose wouldn't be a major issue.

For the most part this company is good about getting you things you need, it doesn't take much justification to get stuff in here if that becomes the solution.

I'm not terribly familiar with the specifics and vocabulary of networking, but they do have connectivity to the DH+ network via wireless just not the network drive that has the files that i use on a regular basis. I'm not sure I want the cart having full network drive access either, so it would have to be limited to one directory.

i think there is some conversations that need to happen with the IT guy. Not to stereo type, or go down that road but one of the IT guy's is the one that said 'no can do' and dropped the issue cold, the other guy is pretty cool and enjoys trying new things so he'll be my go to person there to see if there is a network solution.

Lastly, and the one i rue the most but need to do the most, is talk to the guys. make them understand the implications of some of the stuff. What happened yesterday (and i don't have all the details) happened at 5am, a more then reasonable time to put a call in to me to explain what happened and provide the input at that time. in that case, in the pinch, i could have emailed them the copy, or steered them away from a DL altogether.
It's not perfect, but it is a pretty good maintenance team. i really want to give them the tools to do their job, perhaps make my life a little easier but it has to be thought through.

We use AssetCentre here. We used to use various other methods (we probably tried one form or another of every suggestion above) to manage program revisions. I would never go back after using AC. However, ours is a VERY large fully integrated FactoryTalk system so the $ was justifiable.