JP2007280348A - Programming device of programmable controller - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To make use of ability that a user performs an access operation to a PLC via an input device 14 and a display unit 15 of a programming device to its maximum to the programmable controller (PLC) 19 which is coupled to the programming device 10 via a common bus 18 and controls equipment to be controlled. <P>SOLUTION: A password/operation restriction information setting means 61 and a user authentication/operation function restriction means 62 are added to a system program of the programming device. A password for authentication for every user and operation restriction information that provides the kind of the access operation according to a function to permit or to prohibit the user is preset to the PLC by the means 61, when the user attempts to perform the access operation to the PLC, the means 62 reads the setting information, refers to the operation restriction information of the user upon authenticating the user asking for a password input of the user and restricts the kind of access operations according to the function, attempted to be performed by the user. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  In the present invention, a user (also referred to as a user or an operator) usually performs an access operation to a PLC via a programming device connected to a programmable controller (also abbreviated as PLC) that controls a device to be controlled in sequence. For example, a function that restricts various types of function-specific access operations permitted to the user according to the operation authority level of the administrator, maintenance man, end user, etc. The type of operation authority level is further increased to the level of each individual user, various access operations for each function that are permitted or prohibited for each user are set in advance, and the function that the user performs on the PLC according to the setting contents. The present invention relates to a programming device for a programmable controller having a function of limiting the type of access operation.

  The above-mentioned access operation (also referred to as online operation) is, for example, connecting the PLC main unit and the programming device with a cable, and the user (operator) reads and monitors the sequence program of the PLC main unit. This refers to operations such as editing and transferring to the PLC main unit, monitoring and writing of PLC internal data, and changing the system configuration of the control target device. The editing of the sequence program means all operations related to the creation of the sequence program such as creation, change, and debugging of the sequence program.

  A programmable controller (PLC) is known as a device that automatically performs sequence control of a control target device connected to a PLC by calculating and executing a sequence program. The sequence program is usually edited by a user on a programming device using a programming language such as a ladder diagram, converted into a machine language (machine code), and stored in the PLC via a communication cable or the like.

By the way, in order to prevent erroneous modification of the sequence program, the PLC that automatically controls the device to be controlled is usually set with one password, and the user can access the PLC via the programming device. When trying to do so, only users who can enter this password can access it.
This operation will be specifically described. Conventionally, when a password is set in a PLC from a programming device, the password data is stored in a password data area in the PLC, and the PLC is in a protected state. In this state, the PLC rejects if a sequence program read operation is performed from the programming device. If the user is not authenticated by entering a password, all online operations are blocked.

The user authentication is performed by sending password data input by the user from the programming device to the PLC, and the PLC collates the password thus set with the password set for itself. If they match, the protected state is canceled and the user can perform online operations on the PLC.
Patent Document 1 discloses a programmable controller system that can store a plurality of user programs in units of program blocks, and assigns a key such as a password to each group of program blocks (program block groups), thereby protecting the program. A programmable controller system that can set or release security for each program block group in a batch is disclosed.
JP 2002-328706 A

  The password that is normally set in the above-described conventional PLC includes the level of the operation authority of the user who wants to access the PLC, in other words, which of the various access functions is assigned to the user. There is no function to distinguish whether to allow or prohibit access operations by function, and any user can enter online passwords (access operations) by entering this password. The

In the programmable controller system of Patent Document 1, a plurality of passwords are used. These passwords are for distinguishing program block groups that can set / cancel security. There is no function to distinguish.
Thus, since the password set in the conventional PLC does not have a function of distinguishing the level of the user's operation authority, the user who tries to access the PLC that controls the control target device, for example, Access operation functions that determine whether the administrator, maintenance person, end user, etc. have operating authority, and allow or prohibit access operations for each function according to the operation authority level of the user There is a problem that the types of can not be separated.

In order to maintain compatibility with the conventional PLC even when the password setting is increased in order to distinguish the operation authority level of the user, depending on whether or not the user can input a predetermined password, It is also necessary to be able to use a function of two-party selection for permitting or prohibiting all online operations of the user.
The conventional password protection is realized by the system software on the PLC side. If the password setting is increased in order to distinguish the operation authority level of the user, the PLC system software needs to be changed. For this reason, when the PLC is used for a control target device that is already operating, there is a problem that the operation of the control target device must be stopped for a time that cannot be ignored.

Recently, the types of user operation authority levels described above are not limited to the limited number of types such as managers, maintenance personnel, and end users, and are further increased to individual user levels to access the PLC. It is also desired to be able to set various types of function-specific access operations that are permitted or prohibited in advance for each user who wants to do this.
It is an object of the present invention to provide a programmable controller programming device that can solve these problems.

In order to solve the above-described problem, a programming device for a programmable controller according to claim 1 comprises:
Programmable coupled to the programming device and the communication means (common bus 18) via a man-machine interface comprising an operation input means (input device 14) and a display means (display 15) provided in the programming device (10). A predetermined one of a plurality of levels of access authority (levels of administrator authority A, maintenanceman authority B, end user authority C, etc.) is assigned to each user who wants to access the controller (19) in advance. A level and a predetermined one of a plurality of passwords for authenticating the level (administrator password data 23, maintenance man password data 24, etc.) are assigned and used for this user. Each programmable according to the level of the access right assigned to the user All access operations (such as No. 01 online start, ..., No. 32 password cancellation, etc.) for a plurality of predetermined functions performed on the controller, or access for a predetermined function from all the access operations for each function A programmable controller programming device that allows access operations according to function excluding operations,
At least in the state where no password is set in the programmable controller, based on a predetermined operation for password input via the man-machine interface (hereinafter referred to as password input operation) Password setting means (such as password circuit setting means 31) that allows the password to be set;
When it is detected that a user has attempted to access the programmable controller and a password is currently set in the programmable controller, and it is determined that a password has been set, the password input operation Prompt for the user's password, check the entered password against the password set in the programmable controller to determine the level of access authority of the user, and to the user as described above It is assumed that an access authority determination / operation function restriction means (32) for permitting an access operation according to function according to the level is provided.

The programmable controller programming device according to claim 2 is the programmable controller programming device according to claim 1,
Instead of a plurality of passwords for authenticating the access authority level, a plurality of passwords and no password are used, and the password setting means uses the latter plurality of passwords as described above. Make it configurable.

The programmable controller programming device according to claim 3 is the programmable controller programming device according to claim 1 or 2,
When the access authority determination / operation function restriction unit determines that no password is currently set in the programmable controller, the user is permitted to perform all of the predetermined plurality of function-specific access operations.

The programmable controller programming device according to claim 4 is the programmable controller programming device according to any one of claims 1 to 3,
When enabling the password setting means to set up to the plurality of passwords in the programmable controller, the plurality of levels of the access authority are enabled or disabled based on a predetermined operation via the man-machine interface. The level valid / invalid data (22) that determines whether to be set in the programmable controller, and
When the access authority determination / operation function restriction means determines that a password is currently set in the programmable controller as described above, and asks for the user's password, it is set in the programmable controller at the same time. The level valid / invalid data setting contents can be checked, and as a result, when it is determined that the data is invalid, only one password set in the programmable controller or the same is set. A predetermined one of the plurality of passwords (in this example, the administrator password data 23) is collated with the password inputted by the user. All of the predetermined plurality of function-specific access operations are permitted.

The programmable controller programming device according to claim 5 is the programmable controller programming device according to any one of claims 1 to 3,
The password setting means converts up to the plurality of passwords into sequence command data having a configuration that does not affect execution of sequence control of the programmable controller, and enables setting to the programmable controller.

The programmable controller programming device according to claim 6 is the programmable controller programming device according to claim 4,
The password setting means converts up to a plurality of passwords and level valid / invalid data into sequence command data having a configuration that does not affect execution of sequence control of the programmable controller so as to be set in the programmable controller.

The programmable controller programming device according to claim 7 comprises:
Programmable coupled to the programming device and the communication means (common bus 18) via a man-machine interface comprising an operation input means (input device 14) and a display means (display 15) provided in the programming device (10). For authenticating each of one or more users who want to access the controller (19), or multiple levels of access authority (administrator authority A, maintenanceman authority B, end user authority C, etc.) Password information group consisting of passwords for authenticating one level given to each of the users,
Similarly, for each access operation of a predetermined plurality of functions (F1, F2,..., Etc. as the operation function F) performed on the programmable controller via the man-machine interface, the access operation for each function is performed. An operation restriction information group consisting of operation restriction information determined for each of the access authority levels determined for each of the users, or determined for each of the users.
Either the programming device or the programmable controller, or the password information group in either the programming device or the programmable controller, and the operation restriction information group in either the programming device or the programmable controller Password / operation restriction information setting means (such as 61) to be set on the other side,
The password related to the user or the access authority level of the user based on a predetermined operation for password input via the man-machine interface is detected when the user tries to access the programmable controller. The operation restriction information group is set after authenticating the user or the access authority level of the user by checking each password in the set password information group for the operation input of An operation function restriction means (user authentication / operation function restriction means for restricting the access operation by function performed by the user with reference to the operation restriction information related to the user or the access authority level of the user. 62).

The programmable controller programming device according to claim 8 is the programmable controller programming device according to claim 7,
A password information group (5-1, 51-2,..., Etc. as user-specific password data 51) for authenticating each of the users by the password / operation restriction information setting means ( Operation restrictions including password data 510 for all users) and operation restriction information (52-1, 52-2, etc. as user-specific operation restriction data 52) defined for each user. Both information group (operation restriction data 520 for all users, etc.) are set in the programmable controller,
At this time, the password / operation restriction information setting means is connected to the programmable controller to which the password information group and the operation restriction information group are to be set, and is activated based on a predetermined operation via the man-machine interface. A password information group and operation restriction information group to be stored in the programmable controller while prompting the corresponding operation input through the man-machine interface to the outside are once created on the programming device and then transferred to the programmable controller and set. To do.

The programmable controller programming device according to claim 9 is the programmable controller programming device according to claim 8,
Guidance screen (user-specific operation restriction setting) that the password / operation restriction information setting means displays on the display means a corresponding operation input via the man-machine interface that the password / operation restriction information setting means prompts to the outside It is assumed that the operation input by the operation input means is performed on the screen 40).

The programmable controller programming device according to claim 10 is the programmable controller programming device according to claim 8 or 9,
The operation function restriction means detects whether the user has attempted to access the programmable controller, and checks whether the password information group and the operation restriction information group are currently set in the programmable controller. When it is determined that the password information group and the operation restriction information group are set, the process proceeds to the process for requesting the operation input of the password related to the user as described above.

A programmable controller programming device according to claim 11 is the programmable controller programming device according to claim 10,
When the operation function restriction unit determines that the password information group and the operation restriction information group are not currently set in the programmable controller, the operation function restriction unit permits the user to perform all the function-specific access operations.

The programmable controller programming device according to claim 12 is the programmable controller programming device according to any one of claims 8 to 11,
The password / operation restriction information setting means transfers the password information group and the operation restriction information group to be transferred and set to the programmable controller as described above (an instruction code indicating that this information group is a pseudo instruction before and after this information group). In other words, it is converted into instruction data having a configuration that does not affect the execution of the sequence control in the sequence program of the programmable controller.

The programmable controller programming device according to claim 13 is the programmable controller programming device according to claim 12,
When the password / operation restriction information setting unit converts and sets the password information group and the operation restriction information group in the sequence program of the programmable controller as described above, the password information group and the operation restriction information group are collectively stored in the batch data ( At least the header information (501 etc.) indicating the presence of the batch data is added to the head of the batch data as the password / operation restriction information 500).

The operation of the present invention is as follows.
In other words, the operation of the invention related to claims 1 to 6 (referred to as the first invention) is that a user who wants to perform an access operation (online operation) via a programming device to a PLC that controls a device to be controlled is managed, for example. To determine which level of operation authority, such as an administrator, maintenance man, end user, etc., and to restrict the types of access operations by function that are prohibited or permitted to the user according to the determined operation authority level To do.

In order to maintain compatibility with the conventional PLC, two-party selection of whether to permit or prohibit all access operations of the user, depending on whether the user can enter a predetermined password The function of can be selected.
Also, even when the type of operation by function that prohibits / permits access operation according to the user's operation authority level is limited, it is not necessary to change the PLC system software by responding by changing the system software of the programming device. The control operation of the PLC that is already in operation is not required to be stopped for a time during which the control target device cannot be ignored.

  In addition, the operation of the invention relating to claims 7 to 13 (referred to as the second invention) is as follows, for each user who intends to perform an access operation (online operation) via a programming device to the PLC that controls the device to be controlled. A password for authenticating the user and operation restriction information that determines whether or not the user is permitted to perform each function-specific access operation for each of a plurality of predetermined function-specific access operations to the PLC in advance. Set and restrict the type of access operation by function to the PLC that is actually performed by the user who is authenticated by the set password with reference to the set operation restriction information, It is intended to make the best use of the operation capability of each user's PLC.

According to the first invention relating to claims 1 to 6, the control target device is controlled by adding software means such as password circuit setting means 31 and access authority determination / operation function restriction means 32 to the system program of the programming device. For example, it is determined whether the user who wants to access the PLC via the programming device has an operation authority such as an administrator, a maintenance person, an end user, etc., and according to the determined operation authority level. To restrict the types of access operations by function that are prohibited or permitted to the user.
For example, it is possible to prevent malfunction of a control target device due to an operation error of a maintenance man or an end user, unauthorized copying of sequence program data in the PLC, and the like, and improve the security of the entire system including the control target device. .

  According to the second invention relating to claims 7 to 13, the password / operation restriction information setting means 61 and the user authentication / operation function restriction means 62 which are software means are added to the system program of the programming device, and this setting is performed. A password for authenticating the user and a type of access operation for each function permitted or prohibited for the user are set in advance for each PLC user via the means 61, and a password / operation restriction including these setting information is set. When the information 500 is stored in the PLC and the user tries to access the PLC that actually controls the device to be controlled, the user authentication / operation function restriction means 62 uses the password / operation restriction information in the PLC. 500 so that the types of access operations by function performed by the user can be restricted. Can take full PLC operation capability, you are possible to enhance the efficiency in the PLC.

(Embodiment 1)
First, an example of the first invention related to claims 1 to 6 as the first embodiment of the present invention will be described with reference to FIGS. FIG. 1 is a block diagram of a system including a programming device and a PLC connected thereto as an embodiment of the first invention. In the figure, 10 is a programming device, and 19 is a programmable controller (PLC) connected to the programming device 10 via a common bus 18. In the present embodiment, it is assumed that the PLC 19 can perform sequence control on a control target device (not shown) connected to itself.

In the programming device 10, a central processing unit (CPU) 11, a system memory 12, a sequence program memory 13, an input device 14 including a keyboard and a mouse (not shown), and a display 15 are connected to a common bus 17, and further, a common bus 17 is connected to the common bus 18 via an input / output interface (abbreviated as I / O) 16.
The CPU 11 executes a system program stored in the system memory 12. In addition to programs related to display, editing, and transfer processing of sequence programs, this system program includes, for example, PLC operation / stop (No. 26) and PLC information display (No. 26) shown in FIG. 14) and the like, and a program that allows the PLC 19 to perform various access operations (online operations).

The system memory 12 is an area for storing the system program executed by the CPU 11, but also includes a work area for storing data used for the calculation of the CPU 11, data to be displayed on the display 15, a sequence program being edited, and the like. .
The password circuit setting means 31 and the access authority determination / operation function restriction means 32 shown in the system memory 12 are the cores of the present invention added to the system program, that is, programs relating to the restriction of the access operation to the PLC 19, where The password circuit setting means 31 is a program for inserting the password circuit 21 described later as a pseudo circuit into the sequence program and setting it in the PLC 19.

As will be described in detail later, the access authority determination / operation function restriction means 32 determines whether or not the user (operator) who wants to access the PLC 19 has an operation authority and the level of the operation authority. This is a program that limits the types of operation functions permitted to the operator among various operation functions (operation functions).
The sequence program memory 13 temporarily stores a sequence program to be transferred to the PLC 19 or read from the PLC 19. From the input device 14, it is possible to input an operation instruction to the CPU 11 by the user, a sequence command constituting a sequence program, and various function-specific access operations to the PLC 19 as shown in FIG. 4 (described later).

The display 15 generally displays contents necessary for various operations by the input device 14 and contents requested by the operations, and displays the sequence program in a programming language form such as a ladder diagram in the sequence program creation mode. The input / output interface 16 has a role of coupling the common buses 17 and 18 together.
FIG. 2 shows the structure of the head portion of the sequence program including the password circuit 21 expressed by a ladder diagram as one embodiment of the first invention. In this embodiment, as will be described later with reference to FIG. 4, the level of access authority of the user to the PLC 19 is divided into the administrator authority A, maintenanceman authority B, and end user authority C, and the password is for the administrator. Two passwords and a maintenance man password are used.

  Then, a pseudo circuit composed of the administrator password data 23, the maintenance man password data 24, and the level valid / invalid data 22 (that is, a circuit that is placed in the form of a circuit in the sequence program but is not related to the actual sequence control). The password circuit 21 is inserted into the head of the sequence program as shown by the broken line in FIG.

The level valid / invalid data 22 is for enabling the leveling of access authority to be invalidated in order to maintain compatibility with the conventional PLC. When “” is set, only one password (in this embodiment, only the administrator password data 23) is used.
In order to set such a password circuit 21 in the PLC 19, a monitor start operation for starting monitoring from the input device 14 is performed in a state where the password circuit 21 is not set in the PLC 19 in advance. As a result, the sequence program during operation of the PLC 19 is read into the sequence program memory 13 of the programming device 10 (in other words, the PLC 19 transfers and copies the sequence program to the sequence program memory 13).

  In the present embodiment, the monitor start operation is performed in No. 1 in FIG. An operation for monitoring (monitoring) a sequence program during operation of the PLC 19 that is permitted regardless of the user's operation authority level corresponding to the operation function “monitor” of 29. The sequence program and its operation data are transferred and copied to the sequence program memory 13, and the transferred operation data is constantly updated by the PLC 19.

  With the monitor start operation thus performed, the password circuit setting means 31 described with reference to FIG. 1 is activated, and the administrator password 23 and the maintenance man password 24 are stored in the programming device 10 while using the input device 14 and the display 15. And the level valid / invalid data 22 are entered as “valid” or “invalid” in accordance with the use conditions of the PLC 19 at that time.

Then, the password circuit setting means 31 of the programming device 10 first replaces the administrator password data 23, the maintenanceman password data 24, and the level valid / invalid data 22 with device addresses and converts them into sequence commands.
The converted command related to the password circuit is not displayed on the display unit 15 so that the actually operated sequence program displayed in the ladder diagram can be correctly recognized. However, the command statement in the sequence program is shown in FIG. As indicated by the dotted line, the level valid / invalid data 22, the administrator password 23, and the maintenance man password 24 are included in the system memory 12 of the programming device 10 as the password circuit 21 that is not connected to the left bus 25 and the right bus 26. In the work area for creating password circuit data.

  Next, when an operation to instruct transfer is performed by the input device 14, the password circuit setting unit 31 temporarily interrupts the control operation of the PLC 19 during sequence control, and enters the password circuit data creation work area in the system memory 12. A certain password circuit data is inserted at the head of the sequence program read into the sequence program memory 13, and the new sequence program is transferred to the PLC 19 to resume its control operation. Thus, the password circuit 21 is set in the PLC 19.

  As described above, since the password circuit 21 is not connected to the left bus 25 and the right bus 26, it is not executed as a sequence program related to the actual control operation of the PLC 19, and does not affect other programs. In addition, when the PLC 19 sequence program in which the password circuit 21 is set in this way is monitored by the programming device 10, the display on the display unit 15 of the password circuit 21 is displayed so that the actually operating sequence program can be correctly recognized. Not performed.

FIG. 3 is a flowchart showing an embodiment of a processing procedure for determining the access authority of the user by the programming apparatus 10, and thus the access authority determination / operation function restriction means 32 described in FIG. 1, and S1 to S12 are step numbers thereof. It is.
FIG. 4 shows a comparison of the relationship between the type of access authority level of the operator and the type of operation function for which access is restricted as one embodiment of the first invention. In FIG. Three levels of administrator authority A, maintenance man authority B, and end user authority C are set in the horizontal direction, and the type of operation function is set to No. in the vertical direction. No. 01 from the start of online As 32 types up to 32 password clearing, the operation functions that enable operation for each access authority level are indicated by ◯, and the operation functions that disable operation are indicated by ×.

  In FIG. 4, the administrator authority A can perform operations related to all the operation functions, but the maintenance man authority B has some operation functions, which are No. in this example. 13 system definition, no. 28 PLC model change, No. No. 30 administrator authority password change, No. 30 The operation related to 32 password batch release is disabled. Further, the end user authority C can only perform operations related to operation functions that do not affect the control operation of the PLC.

  Next, FIG. 3 will be described with reference to FIG. In the state where the password circuit 21 is set as described above according to the usage condition of the PLC 19 and the PLC 19 connected to the programming device 10 controls the control target device, the access authority determination / operation function restriction of the programming device 10 First, the means 32 determines whether or not the operator has attempted to perform an online operation using the input device 14 (step S1). This determination is made in No. The presence or absence of an operation corresponding to 01 “online start” is detected.

When the “online start” operation is detected (step S1, branch Yes), the programming device 10 (means 32) determines whether or not the password circuit 21 is set in the PLC 19 (step S2).
Here, when the password circuit 21 is not set (step S2, branch No), it is assumed that any operator is permitted all the operation functions shown in FIG. 4, and in this example, the access authority of the operator is concerned. Is equivalent to having been determined as the administrator authority (step S12).

On the other hand, if the password circuit 21 is set in step S2 (Yes in branch), the programming device 10 (means 32) prompts the operator to input a password via the display 15.
When a password is input (step S3), it is checked whether or not the level valid / invalid data 22 in the password circuit 21 is set to “valid” (step S4).

If "valid" is not set here (step S4, branch No), it is further checked whether or not the password input in step S3 is the same as the administrator password 23 in the password circuit 21 (step S10).
Here, if the input password is the same as the administrator password 23 (step S10, branch Yes), the access authority of the operator is determined as the administrator authority (step S12), but the input password is If it is not the same as the administrator password 23 (step S10, branch No), it is assumed that authentication of the access authority of the operator has failed (step S11).

On the other hand, if the level valid / invalid data 22 is set to “valid” in step S4 (Yes in branch), it is checked whether or not the input password is the same as the password 24 for the maintenance man in the password circuit 21 (step S5). ).
If the input password is the same as the maintenance man password 24 (step S5, branch Yes), the access authority of the operator is determined as the maintenance man authority (step S9). If it is not the same as the man password 24 (step S5, branch No), it is further checked whether or not the input password is the same as the administrator password 23 (step S6).

If the input password is the same as the administrator password 23 (step S6, branch Yes), the access authority of the operator is determined as the administrator authority (step S12), while the input password is managed. If it is not the same as the user password 23 (step S6, branch No), it is further checked whether or not the input password is blank (step S7).
Here, if the input password is not blank (step S7, branch No), it is assumed that authentication of the access authority of the operator has failed (step S11). On the other hand, if the input password is blank (step S7, branch Yes) ), The access authority of the operator is determined as the end user authority (step S8).

As a result of the above determination processing, the access authority determination / operation function restriction means 32 of the programming device 10 sends the access authority to the PLC 19 related to the operation function permitted at the corresponding authority level as shown in FIG. Allow access operations. However, when authentication fails in the determination process, the process of FIG. 3 is repeated again.
In this embodiment, the user who is determined to have the administrator authority A by the process of FIG. 30 “Administrator authority password change” and No. 30 The user who is determined to have the maintenance man authority B is permitted to perform the “change maintenance man authority password” operation No. 31. 31 “maintenance man authority password change” operation is permitted.

  In this embodiment, when such a password change operation is performed, the monitoring start operation performed at the time of the new password setting is valid at that time (that is, the monitoring of the operation data of the sequence program of the PLC 19 is continued). If it is not, the monitor start operation is performed again, the sequence program in operation of the PLC 19 is read into the sequence program memory 13 of the programming device 10, and the password change operation is performed.

Then, the password circuit setting means 31 in FIG. 1 uses the conventional password circuit 21 set in the sequence program read into the sequence program memory 13 as a work area for creating password circuit data in the system memory 12 of the programming device 10. Forward.
Subsequently, the password circuit setting means 31 is a new administrator password data 23 and maintenanceman password data 24 that are operated and input under the administrator authority, or a new operation input that is performed under the maintenanceman authority. The administrator password data 23 and the maintenance man password data 24 in the conventional password circuit 21 transferred to the password circuit data creation work area in the system memory 12 by the maintenance man password data 24, or the maintenance man password. Each data 24 is rewritten.

Then, the new password circuit 21 rewritten replaces the conventional password circuit 21 in the sequence program in the sequence program memory 13, and the new sequence program is transferred to the PLC 19 to resume the sequence control.
In addition, the user who is determined to have the administrator authority A further receives a No. 1 as shown in FIG. 32 “Batch password cancellation” operations are permitted. In performing this operation, as in the case of the password changing operation described above, a monitor start operation is performed in advance as necessary, and the sequence program of the PLC 19 is read into the sequence program memory 13 of the programming device 10.

  In this state, when the password batch release operation is performed under the authority of the administrator, the password circuit setting unit 31 deletes the password circuit 21 set at the head of the sequence program read into the sequence program memory 13 in a batch. To do. Then, the new sequence program from which the password circuit 21 has been deleted is transferred to the PLC 19 and the sequence control is resumed.

(Embodiment 2)
By the way, in the first embodiment of the present invention described above, a combination of types of access operations by function that are permitted or prohibited to the user for the PLC (referred to as an operation restriction pattern for convenience) is assigned to the administrator, maintenance man, and end user. The operation authority level is limited to three.

However, depending on the organization that uses the PLC, for example, there is a person who has the ability to change the value of the data memory even if it is an end user and wants to make use of this ability in business, or a maintenance man. There are various stages in the ability of the user to operate the PLC such that there are those who have insufficient ability to change the program.
For this reason, recently, the operation restriction pattern can be set for each user (in other words, the operation authority level is increased from a limited number of types such as three to a user-specific stage). It came to be requested.

Next, referring to FIG. 5 to FIG. 10, an example of the second invention according to claims 7 to 13 as a second embodiment of the present invention having a function satisfying such a demand will be described.
FIG. 5 is a block diagram of a system including a programming device as one embodiment of the second invention and a PLC connected thereto, and corresponds to FIG. 5 differs from FIG. 1 in that the password circuit setting means 31 and the access authority determination / operation function restriction means 32 in the system memory 12 of the programming device 10 in FIG. 61 and the user authentication / operation function restriction means 62, and the password circuit 21 in the PLC 19 in FIG. 1 is replaced with the password / operation restriction information 500 in FIG.

In FIG. 5, the description of the functions of the means other than the means 31, 32 and 21 in FIG.
The password / operation restriction information setting means 61 and the user authentication / operation function restriction means 62 in the system memory 12 of FIG. 5 are also the core of the second invention added to the system program stored in the system memory 12, That is, it is a program related to the restriction of access operation to the PLC 19. Here, the password / operation restriction information setting means 61 inserts a password / operation restriction information 500 described later as a pseudo instruction in the sequence program and sets it in the PLC 19. It is.

The user authentication / operation function restricting means 62 authenticates the user who intends to perform an access operation to the PLC 19 and refers to the password / operation restriction information 500 transferred from the PLC 19. It is a program that restricts the types of access operations by function (hereinafter also referred to as operation functions) performed by users.
FIG. 6 shows a user-specific operation restriction function setting screen 40 as a screen displayed on the display unit 15 when setting the type of operation function permitted or prohibited for each user by the processing of the password / operation restriction information setting means 61. Examples of

  In the figure, reference numeral 41 denotes a user # 1, # 2,..., # As n users in this example, in which passwords are given in advance by password setting processing (described later) via the setting means 61. The user list screen 42 showing n as a list is an operation function # 1, # 2,..., # 5,..., which is all types of operation functions permitted or prohibited for each user. These operation function codes are generally F, and individually are F1, F2,..., F5,.

Each of the operation functions F (F1 as # 1, F2 as # 2,...) Is, for example, No. in FIG. 01-No. It may be considered that it corresponds to 32 operation function types. Each operation function F has a check box CB.
FIG. 6 shows an example in which user # 1 is displayed in an active display and operation restrictions are set for user # 1. Here, among the operation functions F, the operation functions that are turned on by putting a check mark in the check box CB (F1, F2, F4, etc. in this example) are permitted, and the operation functions that are turned off without the check mark (this example) Then, F3, F5, etc.) are set to be prohibited.

FIG. 7 is a flowchart showing the setting process of the password / operation restriction information 500 via the password / operation restriction information setting means 61. S21 to S24 are step numbers.
FIG. 8 shows an embodiment of the configuration of the information 500 developed in the work area in the system memory 12 of the programming device 10 when the password / operation restriction information 500 is created by the processing of FIG.

In FIG. 8, password data # 1, # 2,..., #N are password data set for users # 1, # 2,. In addition, the codes | symbols of these password data are 51-1, 51-2, ..., 51-n, respectively, and generally 51 is called password data classified by user.
Further, the operation restriction data # 1, # 2,..., #N are operation restriction data set for the users # 1, # 2,. In addition, the codes of these operation restriction data are 52-1, 52-2, ..., 52-n, respectively, and generally 52 is referred to as user-specific operation restriction data.

  Here, a pair of password data # 1 and operation restriction data # 1 set for user # 1, a pair of password data # 2 and operation restriction data # 2 also set for user # 2, and so on. The pair of password data #n and operation restriction data #n set for user #n is called user-specific access restriction information 50-1, 50-2, 50-n, respectively, and generally user-specific access restrictions. This is called information 50.

  The password / operation restriction information 500 includes password data # 1 to #n for all users that can be formed from the access restriction information 50-1, 50-2, ..., 50-n for each user set in this way. 510 and 520 as operation restriction data # 1 to #n for all users, and password data 510 for all users and operation restriction data 520 for all users added to the head of the password / operation restriction information 500. It consists of header information 501 indicating the total data size and the like.

  Note that the operation restriction data 520 for all users (right side of the white thick arrow) shown as (a) in FIG. 8 is addressed in the vertical direction in the operation restriction data 520 for all users on the left side of the thick arrow. An example of the internal configuration of the operation restriction data # 1 of the first user # 1 as a representative example among the operation restriction data # 1 to #n arranged in order, that is, the operation restriction data 52-1 for each user is shown. It is.

  As shown in the figure, the user-specific operation restriction data 52 (52-1 in this example) is stored in each of all the operation functions F (F1, F2,...) That are setting target items for each user described in FIG. Bits corresponding to the operation function are sequentially arranged horizontally, and among these bits, for example, the bit of the operation function F permitted to turn on the check box CB for the user (user # 1 in this case) is “ The bit is set as “0” in the bit of the operation function F which is set to “1” and prohibited by turning off the check box CB.

  Next, the setting process of FIG. 7 through the password / operation restriction information setting unit 61 of FIG. 5 will be described with reference to FIGS. In starting this processing, the programming device 10 is set in advance to the PLC 19 that should newly set the password / operation restriction information 500, or to the PLC 19 that should update the password / operation restriction information 500 that has already been set and held. After the connection, a monitor start operation for starting monitoring from the input device 14 is performed. As a result, the sequence program during operation of the PLC 19 is read into the sequence program memory 13 of the programming device 10 (transfer copied from the PLC 19).

  In this embodiment as well, the monitor start operation is the same as that in FIG. An operation for monitoring a sequence program during operation of the PLC 19, which is permitted to any user, corresponding to the operation function “monitor” 29, and the sequence program memory 13 from the PLC 19 by this monitor start operation. The sequence program and its operation data are transferred and copied, and the transferred operation data is constantly updated by the PLC 19.

With the monitor start operation performed in this way, a special operation that is not included in the operation function F (F1, F2,...) Of FIG. The restriction information setting unit 61 is activated, and the processes in FIG. 7 are sequentially executed. Note that the processing of FIG. 7 is all performed by such a special operation.
First, a password setting screen (not shown) is displayed on the means 61, and for each user, the name of the user (in this example, user # 1, user # 2,... And passwords to be given to the user are generated and set by generating user-specific password data 51-1, 51-2, ..., 51-n (step S21).

Next, the user-specific operation restriction function setting screen 40 shown in FIG. 6 is displayed. Then, on the user list screen 41, the names of the users set with the password data 51 for each user are sequentially displayed as user # 1, user # 2,..., User #n, and the operation function. The list screen 42 displays all the operation functions F (F1, F2,...) Whose check box CB is off.
Therefore, by selecting the target user on the user list screen 41 and making it active, only the check box CB of the operation function F permitted to the user is turned on, and the above-mentioned user-specific operation restrictions for the user are described above. Data 52 is set. This setting operation is repeated for all users for which password data is set (step S22).

Next, the same information setting means 61 is made to create password / operation restriction information 500 from the access restriction information 50 for each user of all users thus created. At this time, the information setting means 61 adds header information 501 to the head of the password / operation restriction information 500 (step S23).
Next, the password / operation restriction information 500 thus created is transferred to the PLC 19 via the information setting means 61. At this time, the information setting means 61 temporarily stops the control operation of the PLC 19 during the sequence control, and this information 500 does not affect the sequence control before and after the password / operation restriction information 500 in the work area of the system memory 12. An instruction code indicating that it is a pseudo instruction is added, and the password / operation restriction information 500 newly set at the top of the sequence program read into the sequence program memory 13 or already set at the top of the sequence program being read. The new sequence program is transferred to the PLC 19 and its control operation is resumed.

The password / operation restriction information 500 transferred in this way is newly set in the PLC 19 or is set by updating the information 500 already set in the PLC 19 (step S24).
FIG. 9 refers to the user authentication / operation function restriction means 62 shown in FIG. 5, that is, the password / operation restriction information 500 transferred from the PLC 19 and authenticates the user who wants to perform an access operation on the PLC 19. Steps S31 to S38 are the step numbers in the flowchart showing the processing of the program that restricts the type of access operation (operation function) by function performed by the user. FIG. 10 is an explanatory diagram showing data movement of the password / operation restriction information 500 referred to in this processing.

  Next, FIG. 9 will be described with reference to FIG. In a state where the PLC 19 connected to the programming device 10 controls the control target device, the user authentication / operation function restriction means 62 of the programming device 10 first tries to perform an online operation by the user using the input device 14. Whether or not (step S31). This determination is also made in No. 1 in FIG. This corresponds to detecting the presence / absence of an operation corresponding to 01 “online start”.

Here, when an online operation is detected (step S31, branch Yes), the programming device 10 (means 62) of the sequence program stored in the user memory of the PLC 19, that is, the password / operation restriction information 500 is stored. The head part is read and it is checked whether or not the header information 501 is set (step S32).
If the header information 501 is set (step S32, branch Yes), the process proceeds to step S33, but if the header information 501 is not set (that is, the information 501 does not exist) (step S32). , Branch No), the process proceeds to step S38, where the user is permitted all the operation functions F in FIG. 6 so that the input device 14 related to all the operation functions F can be operated.

  On the other hand, in step S33, the password data 510 for all users and the operation restriction data 520 for all users in the password / operation restriction information 500 of the PLC 19 are read based on the header information 501. Then, based on the data 510 and 520, the user-specific access restriction information 50 (50-1, 50-2,...) For all users registered in the data 510 is generated.

  Next, the programming device 10 (means 62) prompts the user to input a password by displaying the screen on the display 15 (step S34). Here, when a password is input from the user, the means 62 uses the user-specific password data 51 (51-1, 50-1) in each user-specific access restriction information 50 (50-1, 50-2,...). 51-2,...) Is searched for whether there is a match with the input password of the user (step S35).

If there is no password match and it is determined that the input password is invalid (step S35, branch No), the process returns to step S34 to instruct the user to input the password again.
If there is a password that matches the password at Step S35 (Yes in branch), the user is authenticated, and the user-specific operation restriction data 52 is extracted from the user-specific access restriction information 50 for the user (Step S35). S36).

  Then, the means 62 enables the operation input related to the permitted operation function F, which is set in the user-specific operation restriction data 52 among the operation input (function-specific access operation) to be performed by the user. In addition, the operation input related to the prohibited operation function F is disabled (step S37).

System configuration diagram of a programming device as one embodiment of the first invention Configuration diagram of a sequence program head portion including password data as one embodiment of the first invention The flowchart which shows the procedure as one Example of the access authority determination process of the access authority determination / operation function restriction | limiting means of FIG. The figure which shows the list | wrist of a response | compatibility with the classification of the access authority level and operation function classification as one Example of 1st invention The system block diagram of the programming apparatus as one Example of 2nd invention The figure which shows the structure of the operation restriction | limiting function setting screen classified by user as one Example of 2nd invention. The flowchart which shows the procedure as one Example of the setting process via the password and operation restriction information setting means of FIG. The figure which shows one Example of a structure of the password and operation restriction information of FIG. The flowchart which shows the procedure as one Example of a process of the user authentication and operation function restriction | limiting means of FIG. The figure which shows the Example of the movement of the data reference in the password and operation restriction information in the process of FIG.

Explanation of symbols

10 Programming device 11 CPU
12 System memory 13 System program memory 14 Input device 15 Display 16 Input / output interface (I / O)
17, 18 Common bus 19 Programmable controller (PLC)
20 Sequence Program 21 Password Circuit 22 Level Valid / Invalid Data 23 Password Data for Administrator 24 Password Data for Maintenance Man 25 Left Bus 26 Right Bus 31 Password Circuit Setting Means 32 Access Authority Judgment / Operation Function Restriction Means 40 User-Specific Operation Restrictions Function setting screen 41 User list screen 42 Operation function list screen 50 (50-1,..., 50-n) Access restriction information by user 51 (51-1,..., 51-n) By user Password data 52 (52-1,..., 52-n) User-specific operation restriction data 61 Password / operation restriction information setting means 62 User authentication / operation function restriction means 500 Password / operation restriction information 501 Header information 510 All User password data 520 Operation restriction data for all users F F1, F2, ···) operation function CB check box

Claims (13)

Each user who wants to perform an access operation to the programmable controller connected by the programming device and the communication means via the man-machine interface comprising the operation input means and the display means provided in the programming device has access authority in advance. The access authority assigned to the user by assigning a predetermined one of a plurality of levels and a predetermined one of a plurality of passwords for authenticating the level. Depending on the level of access, all of the predetermined plurality of function-specific access operations performed on the programmable controller, or the function-specific access operation excluding the access operations for the predetermined functions from all the function-specific access operations are permitted. Programmable controller programming A location,
At least in the state where no password is set in the programmable controller, based on a predetermined operation for password input via the man-machine interface (hereinafter referred to as password input operation) A password setting means for setting a password;
When it is detected that a user has attempted to access the programmable controller and a password is currently set in the programmable controller, and it is determined that a password has been set, the password input operation Prompt for the user's password, check the entered password against the password set in the programmable controller to determine the level of access authority of the user, and to the user as described above A programming controller for a programmable controller, comprising: access authority determination / operation function restriction means for permitting access operation according to function according to the level. The programming device for a programmable controller according to claim 1, wherein a plurality of passwords and no password are used in place of a plurality of passwords for authenticating the access authority level. A programming device for a programmable controller, characterized in that the latter plurality of passwords can be set as described above. The programming device of the programmable controller according to claim 1 or 2,
When the access authority determination / operation function restriction means determines that a password is not currently set in the programmable controller, the user is allowed to perform all of the predetermined plurality of function-specific access operations. A programmable controller programming device. In the programming device of the programmable controller in any one of Claim 1 thru | or 3,
When enabling the password setting means to set up to the plurality of passwords in the programmable controller, the plurality of levels of the access authority are enabled or disabled based on a predetermined operation via the man-machine interface. The level valid / invalid data that determines whether to be able to be set in the programmable controller, and
When the access authority determination / operation function restriction means determines that a password is currently set in the programmable controller as described above, and asks for the user's password, it is set in the programmable controller at the same time. The level valid / invalid data setting contents can be checked, and as a result, when it is determined that the data is invalid, only one password set in the programmable controller or the same is set. A predetermined one of the plurality of passwords is collated with the password input by the user, and when the collation is matched, all of the predetermined access functions for the plurality of functions are given to the user. Programmable controller program characterized by permitting Grayed apparatus. In the programming device of the programmable controller in any one of Claim 1 thru | or 3,
A programmable controller characterized in that the password setting means converts the plurality of passwords into sequence command data having a configuration that does not affect execution of sequence control of the programmable controller and can be set in the programmable controller. Programming device. The programmable controller programming device according to claim 4,
The password setting means can convert up to a plurality of passwords and level valid / invalid data into sequence command data having a configuration that does not affect the execution of sequence control of the programmable controller and can be set in the programmable controller. A programmable controller programming device. Each of one or a plurality of users who want to access the programmable controller coupled by the programming device and the communication means is authenticated via a man-machine interface comprising an operation input means and a display means provided in the programming device. Password information group consisting of passwords for authenticating one level given to each of the users among a plurality of levels of access authority,
Similarly, for each of a plurality of predetermined function-specific access operations performed on the programmable controller via the man-machine interface, each of the users is determined as to whether or not to permit the respective function-specific access operations, Alternatively, an operation restriction information group consisting of each operation restriction information defined for each access authority level given to each of the users,
Either the programming device or the programmable controller, or the password information group in either the programming device or the programmable controller, and the operation restriction information group in either the programming device or the programmable controller Password / operation restriction information setting means to be set on the other side,
The password related to the user or the access authority level of the user based on a predetermined operation for password input via the man-machine interface is detected when the user tries to access the programmable controller. The operation restriction information group is set after authenticating the user or the access authority level of the user by checking each password in the set password information group for the operation input of A programmable function comprising: an operation function restriction means for referring to the operation restriction information related to the user or the access authority level of the user and restricting the access operation by function performed by the user Controller programming device. The programmable controller programming device according to claim 7,
The password / operation restriction information setting means includes both a password information group composed of passwords for authenticating each of the users and an operation restriction information group composed of operation restriction informations defined for each of the users. Shall be set in the programmable controller,
At this time, the password / operation restriction information setting means is connected to the programmable controller to which the password information group and the operation restriction information group are to be set, and is activated based on a predetermined operation via the man-machine interface. A password information group and operation restriction information group to be stored in the programmable controller while prompting the corresponding operation input through the man-machine interface to the outside are once created on the programming device and then transferred to the programmable controller and set. A programmable controller programming device, characterized in that: The programmable controller programming device according to claim 8,
The operation input means for causing the password / operation restriction information setting means to prompt the outside to perform an appropriate operation input via the man-machine interface through a guidance screen displayed on the display means by the password / operation restriction information setting means. A programming device for a programmable controller, characterized in that the operation input is performed by. The programmable controller programming device according to claim 8 or 9,
The operation function restriction means detects whether the user has attempted to access the programmable controller, and checks whether the password information group and the operation restriction information group are currently set in the programmable controller. When it is determined that the password information group and the operation restriction information group are set, the programmable controller programming apparatus is configured to proceed to a process for obtaining a password operation input related to the user as described above. The programmable controller programming device according to claim 10,
When the operation function restriction unit determines that the password information group and the operation restriction information group are not currently set in the programmable controller, the user is allowed to perform all the function-specific access operations. A programmable controller programming device. The programming device for a programmable controller according to any one of claims 8 to 11,
The password / operation restriction information setting means is configured to transfer the password information group and the operation restriction information group that are transferred to the programmable controller as described above, and a command having a configuration that does not affect the execution of the sequence control in the sequence program of the programmable controller. A programmable controller programming device characterized in that it is converted into data and set. The programmable controller programming device according to claim 12,
When the password / operation restriction information setting unit converts and sets the password information group and the operation restriction information group in the sequence program of the programmable controller as described above, the password information group and the operation restriction information group are set as batch data. A programming apparatus for a programmable controller, wherein at least header information indicating the presence of the collective data is added to the head of the collective data.

Images