Locking a ControlLogix

Steve Cav

Member
Join Date
Aug 2006
Location
Clitheroe
Posts
71
Hi,

Is there a way to lock down a ControlLogix / CompactLogix processor to be read only i.e. only engineers for example can change the code etc. As I understand it, you can lock down a routine, AOI etc, either by source key or licence protection but there does not seem to be a way to simply lock down the whole processor for read only. Am I correct?
 
Yes, you can secure (lock down) the controller, but it will not allow "read only" access. Once locked you cannot go online without unlocking. That's my understanding.
 
1756-pm016 from Rockwell will show what you need. (logix 5000 controllers security programming)


We tried for a long time to protect IP specific code while allowing the customer to still maintain access to general status. We used source protection but found an online program that had somehow obtained all the encryption keys for source protection. This was V28ish; I am not sure if it has changed now
 
1756-pm016 from Rockwell will show what you need. (logix 5000 controllers security programming)

I looked through the 1756-pm016 but there didn't appear to be an option to simply stop editing. Source protection seems to be designed to lockdown specific routines and instructions. What we need to do is allow craft people to interrogate the code but not be able to change it. However, engineers should be able to quickly access the code and change if necessary for whatever reason.
 
I looked through the 1756-pm016 but there didn't appear to be an option to simply stop editing. Source protection seems to be designed to lockdown specific routines and instructions. What we need to do is allow craft people to interrogate the code but not be able to change it. However, engineers should be able to quickly access the code and change if necessary for whatever reason.


Good luck. We spent about two years working on a custom solution for that. We as far as doing some custom AOI's that would lock code to processors and do proprietary keying beyond the serial to attempt to stop people from editing code and reusing blocks. Hit me up on PM if you want to look into this.
 
Good luck. We spent about two years working on a custom solution for that. We as far as doing some custom AOI's that would lock code to processors and do proprietary keying beyond the serial to attempt to stop people from editing code and reusing blocks. Hit me up on PM if you want to look into this.

PM'd
 
Simply putting the key switch in the RUN position will prevent edits from being made. You could still change tag values, but you cannot assemble a rung. For fun, we like to do this while someone is in the middle of a rung edit, then see how long it takes them to figure it out. :)
 
Simply putting the key switch in the RUN position will prevent edits from being made. You could still change tag values, but you cannot assemble a rung. For fun, we like to do this while someone is in the middle of a rung edit, then see how long it takes them to figure it out. :)

Leaving the key switch in run would work, unfortunately we always leave the key switch in remote as some of the electrical panels in which the PLCs are installed can only be opened by turning off the power!
 
Leaving the key switch in run would work, unfortunately we always leave the key switch in remote as some of the electrical panels in which the PLCs are installed can only be opened by turning off the power!

I hear ya. I guess to answer your original question, is there a simple way to put your PLC in "read only mode".... no, there is not a simple way.

I believe Rockwell offers a "service edition" of Studio5000 that doesn't allow edits to be made. People that are not allowed to make edits could use that version, while Engineering could use the full version.
 
Leaving the key switch in run would work, unfortunately we always leave the key switch in remote as some of the electrical panels in which the PLCs are installed can only be opened by turning off the power!

How about a little servo to move the switch? ;)

Or use a hmi like advancedhmi to present data to the non-engineers. Not the simplest solution i know
 
Rockwell does have built in security now.

If you go in the "Security" tab in controller properties, you can actually end up setting it to a Factorytalk Administration server name.

If this option is enforced, PLCs can't be modified by any PCs which don't/haven't had have access to the server. The PCs don't have to be connected to the server at all times, the duration they can be offline can be changed.

Using the administration console on the server, you can limit what your users can do, and even link windows-logons(We have domain logons where I am) to the PLC privileges.

For example, maintenance can't do downloads on our PLCs, even by mistake. It's enforced from the server. Hopefully this helps, let me know if you have questions!
 
I hear ya. I guess to answer your original question, is there a simple way to put your PLC in "read only mode".... no, there is not a simple way.

I believe Rockwell offers a "service edition" of Studio5000 that doesn't allow edits to be made. People that are not allowed to make edits could use that version, while Engineering could use the full version.

We could go down the service edition route depending on cost.
 
Rockwell does have built in security now.

If you go in the "Security" tab in controller properties, you can actually end up setting it to a Factorytalk Administration server name.

If this option is enforced, PLCs can't be modified by any PCs which don't/haven't had have access to the server. The PCs don't have to be connected to the server at all times, the duration they can be offline can be changed.

Using the administration console on the server, you can limit what your users can do, and even link windows-logons(We have domain logons where I am) to the PLC privileges.

For example, maintenance can't do downloads on our PLCs, even by mistake. It's enforced from the server. Hopefully this helps, let me know if you have questions!

This seems great for the end user, but not for OEMs and Integrators wanting to lock their stuff.
 

Similar Topics

Anyone else using Pi-Hole ? Had a spare Pi laying around a while ago and have been using this setup ever since. Browsing is not the same with out...
Replies
2
Views
863
Hello, Looking for anyone to help with a problem. We had a Panelview die with a power outage. Went to download the saved program onto a new...
Replies
9
Views
1,600
One of our Therm-O-Seal splicers has an issue and we are trying to access the PLC to help troubleshoot. The PLC is password locked and...
Replies
1
Views
1,294
Hi folks, I'm new here, but I'd been lurking for nearly a year... The company I work for is diving head long into a project with ControlLogix...
Replies
5
Views
2,187
Anyone run into FTME 11 just locking up when you do a right click then tag search/replace on a screen? Task manager can’t kill it and I must...
Replies
6
Views
1,517
Back
Top Bottom