JP2014013622A - Programming device and programmable controller - Google Patents

Abstract

PROBLEM TO BE SOLVED: To make the best use of the capability of a user to perform an access operation via an input device 14 and a display unit 15 of a programmable device 10 to a programmable controller (PLC) 19 connected via a common bus 18 to the programming device 10 for controlling equipment to be controlled.SOLUTION: Password/operation restriction information setting means 61 and user authentication/operation function restriction means 62 are added to a system program of a programming device. A password for authentication for every user and operation restriction information to determine the type of a function-categorized access operation to be permitted or prohibited for the user among a plurality of predetermined function-categorized access operations for every user are preset to a PLC by the means 61 in advance, and when the user attempts to perform the access operation to the PLC, the means 62 reads the setting information, and authenticates the user by asking for a password input of the user and refers to the operation restriction information of the user, and thereby restricts the type of the function-categorized access operation attempted to be performed by the user.

Description

The present invention relates to a programmable controller (also abbreviated as PLC) that controls a device to be controlled, and a programming device that accesses and operates the programmable controller.
The above-mentioned access operation (also referred to as online operation) is, for example, connecting the PLC main unit and the programming device with a cable, and the user (operator) reads and monitors the sequence program of the PLC main unit. This refers to operations such as editing and transferring to the PLC main unit, monitoring and writing of PLC internal data, and changing the system configuration of the control target device. The editing of the sequence program means all operations related to the creation of the sequence program such as creation, change, and debugging of the sequence program.

  A programmable controller (PLC) is known as a device that automatically performs sequence control of a control target device connected to a PLC by calculating and executing a sequence program. The sequence program is usually edited by a user on a programming device using a programming language such as a ladder diagram, converted into a machine language (machine code), and stored in the PLC via a communication cable or the like.

  By the way, in order to prevent erroneous modification of the sequence program, the PLC that automatically controls the device to be controlled is usually set with one password, and the user can access the PLC via the programming device. When trying to do so, only users who can enter this password can access it.

  This operation will be specifically described. Conventionally, when a password is set in a PLC from a programming device, the password data is stored in a password data area in the PLC, and the PLC is in a protected state. In this state, the PLC rejects if a sequence program read operation is performed from the programming device. If the user is not authenticated by entering a password, all online operations are blocked.

The user authentication is performed by sending password data input by the user from the programming device to the PLC, and the PLC collates the password thus set with the password set for itself. If they match, the protected state is canceled and the user can perform online operations on the PLC.
Patent Document 1 discloses a programmable controller system that can store a plurality of user programs in units of program blocks, and assigns a key such as a password to each group of program blocks (program block groups), thereby protecting the program. A programmable controller system that can set or release security for each program block group in a batch is disclosed.

JP 2002-328706 A

  The password that is normally set in the above-described conventional PLC includes the level of the operation authority of the user who wants to access the PLC, in other words, which of the various access functions is assigned to the user. There is no function to distinguish whether to allow or prohibit access operations by function, and any user can enter online passwords (access operations) by entering this password. The

  In the programmable controller system of Patent Document 1, a plurality of passwords are used. These passwords are for distinguishing program block groups that can set / cancel security. There is no function to distinguish.

  Thus, since the password set in the conventional PLC does not have a function of distinguishing the level of the user's operation authority, the user who tries to access the PLC that controls the control target device, for example, Access operation functions that determine whether the administrator, maintenance person, end user, etc. have operating authority, and allow or prohibit access operations for each function according to the operation authority level of the user There is a problem that the types of can not be separated.

  In order to maintain compatibility with the conventional PLC even when the password setting is increased in order to distinguish the operation authority level of the user, depending on whether or not the user can input a predetermined password, It is also necessary to be able to use a function of two-party selection for permitting or prohibiting all online operations of the user.

  The conventional password protection is realized by the system software on the PLC side. If the password setting is increased in order to distinguish the operation authority level of the user, the PLC system software needs to be changed. For this reason, when the PLC is used for a control target device that is already operating, there is a problem that the operation of the control target device must be stopped for a time that cannot be ignored.

  Recently, the types of user operation authority levels described above are not limited to the limited number of types such as managers, maintenance personnel, and end users, and are further increased to individual user levels to access the PLC. It is also desired to be able to set various types of function-specific access operations that are permitted or prohibited in advance for each user who wants to do this.

  It is an object of the present invention to provide a programmable controller programming device that can solve these problems.

The present invention is configured as follows.
A programming device for online operation of a programmable controller that executes a sequence program to control a control target device, wherein the programming device replaces password data input based on an input operation by a user with a device address of the programmable controller A means for converting the instruction into a sequence program; a means for inserting the sequence instruction into the sequence program as a pseudo circuit irrelevant to the actual control of the programmable controller; and a sequence program in which the pseudo circuit is inserted by the means for inserting into the sequence program. It is configured to transfer to a programmable controller.

  Further, the sequence program is a sequence program programmed with a ladder diagram having a bus line, and the pseudo circuit becomes unrelated to the actual control of the programmable controller by being disconnected from the bus line of the ladder diagram.

The password data is an authority level permitting a predetermined operation on the programmable controller.
The password data is a plurality of authority levels for each operation type for the programmable controller, and is different for each level.

  Further, level valid / invalid data for determining whether the authority level is valid or invalid is further input, and the means for converting to a sequence command replaces the password valid data with the level valid / invalid data with the device address of the programmable controller. Is converted into a sequence instruction.

  Also, during online operation, it is checked whether or not a pseudo circuit is set in the programmable controller. If it is determined that the pseudo circuit is set, the password is input to the user and the input password and the programmable controller are set. The programming device may be configured to check the authority level for the programmable controller by collating with the existing password and permit the operation according to the level.

  In addition, when it is determined whether or not the pseudo circuit is set in the programmable controller, if it is determined that the pseudo circuit is not set, the programming device is configured to permit all operations on the programmable controller. Also good.

  Further, the programmable controller is configured to have a storage unit that holds a sequence program including the pseudo circuit transferred by the programming device, and not to execute the pseudo circuit included in the sequence program held in the storage unit.

According to the present invention, by adding software means such as password circuit setting means 31 and access authority determination / operation function restriction means 32 to the system program of the programming device, the PLC that controls the control target device is connected via the programming device. For example, it is determined whether the user who wants to perform the access operation has an operation authority such as an administrator, a maintenance man, or an end user, and the user is prohibited according to the determined operation authority level, or Now that you can limit the types of access operations that are allowed by function,
For example, it is possible to prevent malfunction of a control target device due to an operation error of a maintenance man or an end user, unauthorized copying of sequence program data in the PLC, and the like, and improve the security of the entire system including the control target device. .

  Further, a password / operation restriction information setting means 61 and a user authentication / operation function restriction means 62 which are software means are added to the system program of the programming device, and each user of the PLC in advance via this setting means 61 The password for authenticating the password and the type of function-specific access operation permitted or prohibited for the user are set, and the password / operation restriction information 500 including these setting information is stored in the PLC and is actually controlled. When a user tries to access the PLC that controls the device, the user authentication / operation function restriction means 62 refers to the password / operation restriction information 500 in the PLC and performs the access operation according to the function performed by the user. Because it is possible to limit the type of PLC, it is possible to make the best use of each PLC's operation ability. It is possible to enhance the utilization efficiency of the PLC.

System configuration diagram of a programming device as one embodiment of the first invention Configuration diagram of a sequence program head portion including password data as one embodiment of the first invention The flowchart which shows the procedure as one Example of the access authority determination process of the access authority determination / operation function restriction | limiting means of FIG. The figure which shows the list | wrist of a response | compatibility with the classification of the access authority level and operation function classification as one Example of 1st invention The system block diagram of the programming apparatus as one Example of 2nd invention The figure which shows the structure of the operation restriction | limiting function setting screen classified by user as one Example of 2nd invention. The flowchart which shows the procedure as one Example of the setting process via the password and operation restriction information setting means of FIG. The figure which shows one Example of a structure of the password and operation restriction information of FIG. The flowchart which shows the procedure as one Example of a process of the user authentication and operation function restriction | limiting means of FIG. The figure which shows the Example of the movement of the data reference in the password and operation restriction information in the process of FIG.

(Embodiment 1)
First, an example of the first invention related to claims 1 to 6 as the first embodiment of the present invention will be described with reference to FIGS. FIG. 1 is a block diagram of a system including a programming device and a PLC connected thereto as an embodiment of the first invention. In the figure, 10 is a programming device, and 19 is a programmable controller (PLC) connected to the programming device 10 via a common bus 18. In the present embodiment, it is assumed that the PLC 19 can perform sequence control on a control target device (not shown) connected to itself.

  In the programming device 10, a central processing unit (CPU) 11, a system memory 12, a sequence program memory 13, an input device 14 including a keyboard and a mouse (not shown), and a display 15 are connected to a common bus 17, and further, a common bus 17 is connected to the common bus 18 via an input / output interface (abbreviated as I / O) 16.

  The CPU 11 executes a system program stored in the system memory 12. In addition to programs related to display, editing, and transfer processing of sequence programs, this system program includes, for example, PLC operation / stop (No. 26) and PLC information display (No. 26) shown in FIG. 14) and the like, and a program that allows the PLC 19 to perform various access operations (online operations).

  The system memory 12 is an area for storing the system program executed by the CPU 11, but also includes a work area for storing data used for the calculation of the CPU 11, data to be displayed on the display 15, a sequence program being edited, and the like. .

  The password circuit setting means 31 and the access authority determination / operation function restriction means 32 shown in the system memory 12 are the cores of the present invention added to the system program, that is, programs relating to the restriction of the access operation to the PLC 19, where The password circuit setting means 31 is a program for inserting the password circuit 21 described later as a pseudo circuit into the sequence program and setting it in the PLC 19.

  As will be described in detail later, the access authority determination / operation function restriction means 32 determines whether or not the user (operator) who wants to access the PLC 19 has an operation authority and the level of the operation authority. This is a program that limits the types of operation functions permitted to the operator among various operation functions (operation functions).

  The sequence program memory 13 temporarily stores a sequence program to be transferred to the PLC 19 or read from the PLC 19. From the input device 14, it is possible to input an operation instruction to the CPU 11 by the user, a sequence command constituting a sequence program, and various function-specific access operations to the PLC 19 as shown in FIG. 4 (described later).

  The display 15 generally displays contents necessary for various operations by the input device 14 and contents requested by the operations, and displays the sequence program in a programming language form such as a ladder diagram in the sequence program creation mode. The input / output interface 16 has a role of coupling the common buses 17 and 18 together.

  FIG. 2 shows the structure of the head portion of the sequence program including the password circuit 21 expressed by a ladder diagram as one embodiment of the first invention. In this embodiment, as will be described later with reference to FIG. 4, the level of access authority of the user to the PLC 19 is divided into the administrator authority A, maintenanceman authority B, and end user authority C, and the password is for the administrator. Two passwords and a maintenance man password are used.

  Then, a pseudo circuit composed of the administrator password data 23, the maintenance man password data 24, and the level valid / invalid data 22 (that is, a circuit that is placed in the form of a circuit in the sequence program but is not related to the actual sequence control). The password circuit 21 is inserted into the head of the sequence program as shown by the broken line in FIG.

  The level valid / invalid data 22 is for enabling the leveling of access authority to be invalidated in order to maintain compatibility with the conventional PLC. When “” is set, only one password (in this embodiment, only the administrator password data 23) is used.

  In order to set such a password circuit 21 in the PLC 19, a monitor start operation for starting monitoring from the input device 14 is performed in a state where the password circuit 21 is not set in the PLC 19 in advance. As a result, the sequence program during operation of the PLC 19 is read into the sequence program memory 13 of the programming device 10 (in other words, the PLC 19 transfers and copies the sequence program to the sequence program memory 13).

  In the present embodiment, the monitor start operation is performed in No. 1 in FIG. An operation for monitoring (monitoring) a sequence program during operation of the PLC 19 that is permitted regardless of the user's operation authority level corresponding to the operation function “monitor” of 29. The sequence program and its operation data are transferred and copied to the sequence program memory 13, and the transferred operation data is constantly updated by the PLC 19.

  With the monitor start operation thus performed, the password circuit setting means 31 described with reference to FIG. 1 is activated, and the administrator password 23 and the maintenance man password 24 are stored in the programming device 10 while using the input device 14 and the display 15. And the level valid / invalid data 22 are entered as “valid” or “invalid” in accordance with the use conditions of the PLC 19 at that time.

  Then, the password circuit setting means 31 of the programming device 10 first replaces the administrator password data 23, the maintenanceman password data 24, and the level valid / invalid data 22 with device addresses and converts them into sequence commands.

  The converted command related to the password circuit is not displayed on the display unit 15 so that the actually operated sequence program displayed in the ladder diagram can be correctly recognized. However, the command statement in the sequence program is shown in FIG. As indicated by the dotted line, the level valid / invalid data 22, the administrator password 23, and the maintenance man password 24 are included in the system memory 12 of the programming device 10 as the password circuit 21 that is not connected to the left bus 25 and the right bus 26. In the work area for creating password circuit data.

  Next, when an operation to instruct transfer is performed by the input device 14, the password circuit setting unit 31 temporarily interrupts the control operation of the PLC 19 during sequence control, and enters the password circuit data creation work area in the system memory 12. A certain password circuit data is inserted at the head of the sequence program read into the sequence program memory 13, and the new sequence program is transferred to the PLC 19 to resume its control operation. Thus, the password circuit 21 is set in the PLC 19.

  As described above, since the password circuit 21 is not connected to the left bus 25 and the right bus 26, it is not executed as a sequence program related to the actual control operation of the PLC 19, and does not affect other programs. In addition, when the PLC 19 sequence program in which the password circuit 21 is set in this way is monitored by the programming device 10, the display on the display unit 15 of the password circuit 21 is displayed so that the actually operating sequence program can be correctly recognized. Not performed.

  FIG. 3 is a flowchart showing an embodiment of a processing procedure for determining the access authority of the user by the programming apparatus 10, and thus the access authority determination / operation function restriction means 32 described in FIG. 1, and S1 to S12 are step numbers thereof. It is.

  FIG. 4 shows a comparison of the relationship between the type of access authority level of the operator and the type of operation function for which access is restricted as one embodiment of the first invention. In FIG. Three levels of administrator authority A, maintenance man authority B, and end user authority C are set in the horizontal direction, and the type of operation function is set to No. in the vertical direction. No. 01 from the start of online As 32 types up to 32 password clearing, the operation functions that enable operation for each access authority level are indicated by ◯, and the operation functions that disable operation are indicated by ×.

  In FIG. 4, the administrator authority A can perform operations related to all the operation functions, but the maintenance man authority B has some operation functions, which are No. in this example. 13 system definition, no. 28 PLC model change, No. No. 30 administrator authority password change, No. 30 The operation related to 32 password batch release is disabled. Further, the end user authority C can only perform operations related to operation functions that do not affect the control operation of the PLC.

  Next, FIG. 3 will be described with reference to FIG. In the state where the password circuit 21 is set as described above according to the usage condition of the PLC 19 and the PLC 19 connected to the programming device 10 controls the control target device, the access authority determination / operation function restriction of the programming device 10 First, the means 32 determines whether or not the operator has attempted to perform an online operation using the input device 14 (step S1). This determination is made in No. The presence or absence of an operation corresponding to 01 “online start” is detected.

  When the “online start” operation is detected (step S1, branch Yes), the programming device 10 (means 32) determines whether or not the password circuit 21 is set in the PLC 19 (step S2).

  Here, when the password circuit 21 is not set (step S2, branch No), it is assumed that any operator is permitted all the operation functions shown in FIG. 4, and in this example, the access authority of the operator is concerned. Is equivalent to having been determined as the administrator authority (step S12).

  On the other hand, if the password circuit 21 is set in step S2 (Yes in branch), the programming device 10 (means 32) prompts the operator to input a password via the display 15.

  When a password is input (step S3), it is checked whether or not the level valid / invalid data 22 in the password circuit 21 is set to “valid” (step S4).

  If "valid" is not set here (step S4, branch No), it is further checked whether or not the password input in step S3 is the same as the administrator password 23 in the password circuit 21 (step S10).

  Here, if the input password is the same as the administrator password 23 (step S10, branch Yes), the access authority of the operator is determined as the administrator authority (step S12), but the input password is If it is not the same as the administrator password 23 (step S10, branch No), it is assumed that authentication of the access authority of the operator has failed (step S11).

  On the other hand, if the level valid / invalid data 22 is set to “valid” in step S4 (Yes in branch), it is checked whether or not the input password is the same as the password 24 for the maintenance man in the password circuit 21 (step S5). ).

  If the input password is the same as the maintenance man password 24 (step S5, branch Yes), the access authority of the operator is determined as the maintenance man authority (step S9). If it is not the same as the man password 24 (step S5, branch No), it is further checked whether the input password is the same as the administrator password 23 (step S6).

  If the input password is the same as the administrator password 23 (step S6, branch Yes), the access authority of the operator is determined as the administrator authority (step S12), while the input password is managed. If it is not the same as the user password 23 (step S6, branch No), it is further checked whether or not the input password is blank (step S7).

  Here, if the input password is not blank (step S7, branch No), it is assumed that authentication of the access authority of the operator has failed (step S11). On the other hand, if the input password is blank (step S7, branch Yes) ), The access authority of the operator is determined as the end user authority (step S8).

  As a result of the above determination processing, the access authority determination / operation function restriction means 32 of the programming device 10 sends the access authority to the PLC 19 related to the operation function permitted at the corresponding authority level as shown in FIG. Allow access operations. However, when authentication fails in the determination process, the process of FIG. 3 is repeated.

  In the present embodiment, the user who is determined to have the administrator authority A by the process of FIG. 30 “Administrator authority password change” and No. 30 A user who is permitted to perform the “change maintenance man authority password” of No. 31 and similarly has maintenance man authority B is No. 31. 31 “maintenance man authority password change” operation is permitted.

  In this embodiment, when such a password change operation is performed, the monitoring start operation performed at the time of the new password setting is valid at that time (that is, the monitoring of the operation data of the sequence program of the PLC 19 is continued). If it is not, the monitor start operation is performed again, the sequence program in operation of the PLC 19 is read into the sequence program memory 13 of the programming device 10, and the password change operation is performed.

  Then, the password circuit setting means 31 in FIG. 1 uses the conventional password circuit 21 set in the sequence program read into the sequence program memory 13 as a work area for creating password circuit data in the system memory 12 of the programming device 10. Forward.

  Subsequently, the password circuit setting means 31 is a new administrator password data 23 and maintenanceman password data 24 that are operated and input under the administrator authority, or a new operation input that is performed under the maintenanceman authority. The administrator password data 23 and the maintenance man password data 24 in the conventional password circuit 21 transferred to the password circuit data creation work area in the system memory 12 by the maintenance man password data 24, or the maintenance man password. Each data 24 is rewritten.

  Then, the new password circuit 21 rewritten replaces the conventional password circuit 21 in the sequence program in the sequence program memory 13, and the new sequence program is transferred to the PLC 19 to resume the sequence control.

  In addition, the user who is determined to have the administrator authority A further receives a No. 1 as shown in FIG. 32 “Batch password cancellation” operations are permitted. In performing this operation, as in the case of the password changing operation described above, a monitor start operation is performed in advance as necessary, and the sequence program of the PLC 19 is read into the sequence program memory 13 of the programming device 10.

  In this state, when the password batch release operation is performed under the authority of the administrator, the password circuit setting unit 31 deletes the password circuit 21 set at the head of the sequence program read into the sequence program memory 13 in a batch. To do. Then, the new sequence program from which the password circuit 21 has been deleted is transferred to the PLC 19 and the sequence control is resumed.

(Embodiment 2)
By the way, in the first embodiment of the present invention described above, a combination of types of access operations by function that are permitted or prohibited to the user for the PLC (referred to as an operation restriction pattern for convenience) is assigned to the administrator, maintenance man, and end user. The operation authority level is limited to three.

  However, depending on the organization that uses the PLC, for example, there is a person who has the ability to change the value of the data memory even if it is an end user and wants to make use of this ability in business, or a maintenance man. There are various stages in the ability of the user to operate the PLC such that there are those who have insufficient ability to change the program.

  For this reason, recently, the operation restriction pattern can be set for each user (in other words, the operation authority level is increased from a limited number of types such as three to a user-specific stage). It came to be requested.

Next, referring to FIG. 5 to FIG. 10, an example of the second invention according to claims 7 to 13 as a second embodiment of the present invention having a function satisfying such a demand will be described.
FIG. 5 is a block diagram of a system including a programming device as one embodiment of the second invention and a PLC connected thereto, and corresponds to FIG. 5 differs from FIG. 1 in that the password circuit setting means 31 and the access authority determination / operation function restriction means 32 in the system memory 12 of the programming device 10 in FIG. 61 and the user authentication / operation function restriction means 62 are replaced, and the password circuit 21 in the PLC 19 in FIG. 1 is replaced with the password / operation restriction information 500 in FIG.

  In FIG. 5, the description of the functions of the means other than the means 31, 32 and 21 in FIG.

  The password / operation restriction information setting means 61 and the user authentication / operation function restriction means 62 in the system memory 12 of FIG. 5 are also the core of the second invention added to the system program stored in the system memory 12, That is, it is a program related to the restriction of access operation to the PLC 19. Here, the password / operation restriction information setting means 61 inserts a password / operation restriction information 500 described later as a pseudo instruction in the sequence program and sets it in the PLC 19. It is.

  The user authentication / operation function restricting means 62 authenticates the user who intends to perform an access operation to the PLC 19 and refers to the password / operation restriction information 500 transferred from the PLC 19. It is a program that restricts the types of access operations by function (hereinafter also referred to as operation functions) performed by users.

  FIG. 6 shows a user-specific operation restriction function setting screen 40 as a screen displayed on the display unit 15 when setting the type of operation function permitted or prohibited for each user by the processing of the password / operation restriction information setting means 61. Examples of

  In the figure, reference numeral 41 denotes a user # 1, # 2,..., # As n users in this example, in which passwords are given in advance by password setting processing (described later) via the setting means 61. The user list screen 42 showing n as a list is an operation function # 1, # 2,..., # 5,..., which is all types of operation functions permitted or prohibited for each user. These operation function codes are generally F, and individually are F1, F2,..., F5,.

  Each of the operation functions F (F1 as # 1, F2 as # 2,...) Is, for example, No. in FIG. 01-No. It may be considered that it corresponds to 32 operation function types. Each operation function F has a check box CB.

  FIG. 6 shows an example in which user # 1 is displayed in an active display and operation restrictions are set for user # 1. Here, among the operation functions F, the operation functions that are turned on by putting a check mark in the check box CB (F1, F2, F4, etc. in this example) are permitted, and the operation functions that are turned off without the check mark (this example) Then, F3, F5, etc.) are set to be prohibited.

FIG. 7 is a flowchart showing the setting process of the password / operation restriction information 500 via the password / operation restriction information setting means 61. S21 to S24 are step numbers.
FIG. 8 shows an embodiment of the configuration of the information 500 developed in the work area in the system memory 12 of the programming device 10 when the password / operation restriction information 500 is created by the processing of FIG.

  In FIG. 8, password data # 1, # 2,..., #N are password data set for users # 1, # 2,. In addition, the codes | symbols of these password data are 51-1, 51-2, ..., 51-n, respectively, and generally 51 is called password data classified by user.

  Further, the operation restriction data # 1, # 2,..., #N are operation restriction data set for the users # 1, # 2,. In addition, the codes of these operation restriction data are 52-1, 52-2, ..., 52-n, respectively, and generally 52 is referred to as user-specific operation restriction data.

  Here, a pair of password data # 1 and operation restriction data # 1 set for user # 1, a pair of password data # 2 and operation restriction data # 2 also set for user # 2, and so on. The pair of password data #n and operation restriction data #n set for user #n is called user-specific access restriction information 50-1, 50-2, 50-n, respectively, and generally user-specific access restrictions. This is called information 50.

  The password / operation restriction information 500 includes password data # 1 to #n for all users that can be formed from the access restriction information 50-1, 50-2, ..., 50-n for each user set in this way. 510 and 520 as operation restriction data # 1 to #n for all users, and password data 510 for all users and operation restriction data 520 for all users added to the head of the password / operation restriction information 500. It consists of header information 501 indicating the total data size and the like.

  Note that the operation restriction data 520 for all users (right side of the white thick arrow) shown as (a) in FIG. 8 is addressed in the vertical direction in the operation restriction data 520 for all users on the left side of the thick arrow. An example of the internal configuration of the operation restriction data # 1 of the first user # 1 as a representative example among the operation restriction data # 1 to #n arranged in order, that is, the operation restriction data 52-1 for each user is shown. It is.

  As shown in the figure, the user-specific operation restriction data 52 (52-1 in this example) is stored in each of all the operation functions F (F1, F2,...) That are setting target items for each user described in FIG. Bits corresponding to the operation function are sequentially arranged horizontally, and among these bits, for example, the bit of the operation function F permitted to turn on the check box CB for the user (user # 1 in this case) is “ The bit is set as “0” in the bit of the operation function F which is set to “1” and prohibited by turning off the check box CB.

  Next, the setting process of FIG. 7 through the password / operation restriction information setting unit 61 of FIG. 5 will be described with reference to FIGS. In starting this processing, the programming device 10 is set in advance to the PLC 19 that should newly set the password / operation restriction information 500, or to the PLC 19 that should update the password / operation restriction information 500 that has already been set and held. After the connection, a monitor start operation for starting monitoring from the input device 14 is performed. As a result, the sequence program during operation of the PLC 19 is read into the sequence program memory 13 of the programming device 10 (transfer copied from the PLC 19).

  In this embodiment as well, the monitor start operation is the same as that in FIG. An operation for monitoring a sequence program during operation of the PLC 19, which is permitted to any user, corresponding to the operation function “monitor” 29, and the sequence program memory 13 from the PLC 19 by this monitor start operation. The sequence program and its operation data are transferred and copied, and the transferred operation data is constantly updated by the PLC 19.

  With the monitor start operation performed in this way, a special operation that is not included in the operation function F (F1, F2,...) Of FIG. The restriction information setting unit 61 is activated, and the processes in FIG. 7 are sequentially executed. Note that the processing of FIG. 7 is all performed by such a special operation.

  First, a password setting screen (not shown) is displayed on the means 61, and for each user, the name of the user (in this example, user # 1, user # 2,... And passwords to be given to the user are generated and set by generating user-specific password data 51-1, 51-2, ..., 51-n (step S21).

  Next, the user-specific operation restriction function setting screen 40 shown in FIG. 6 is displayed. Then, on the user list screen 41, the names of the users set with the password data 51 for each user are sequentially displayed as user # 1, user # 2,..., User #n, and the operation function. The list screen 42 displays all the operation functions F (F1, F2,...) Whose check box CB is off.

  Therefore, by selecting the target user on the user list screen 41 and making it active, only the check box CB of the operation function F permitted to the user is turned on, and the above-mentioned user-specific operation restrictions for the user are described above. Data 52 is set. This setting operation is repeated for all users for which password data is set (step S22).

  Next, the same information setting means 61 is made to create password / operation restriction information 500 from the access restriction information 50 for each user of all users thus created. At this time, the information setting means 61 adds header information 501 to the head of the password / operation restriction information 500 (step S23).

  Next, the password / operation restriction information 500 thus created is transferred to the PLC 19 via the information setting means 61. At this time, the information setting means 61 temporarily stops the control operation of the PLC 19 during the sequence control, and this information 500 does not affect the sequence control before and after the password / operation restriction information 500 in the work area of the system memory 12. An instruction code indicating that it is a pseudo instruction is added, and the password / operation restriction information 500 newly set at the top of the sequence program read into the sequence program memory 13 or already set at the top of the sequence program being read. The new sequence program is transferred to the PLC 19 and its control operation is resumed.

  The password / operation restriction information 500 transferred in this way is newly set in the PLC 19 or is set by updating the information 500 already set in the PLC 19 (step S24).

  FIG. 9 refers to the user authentication / operation function restriction means 62 shown in FIG. 5, that is, the password / operation restriction information 500 transferred from the PLC 19 and authenticates the user who wants to perform an access operation on the PLC 19. Steps S31 to S38 are the step numbers in the flowchart showing the processing of the program that restricts the type of access operation (operation function) by function performed by the user. FIG. 10 is an explanatory diagram showing data movement of the password / operation restriction information 500 referred to in this processing.

  Next, FIG. 9 will be described with reference to FIG. In a state where the PLC 19 connected to the programming device 10 controls the control target device, the user authentication / operation function restriction means 62 of the programming device 10 first tries to perform an online operation by the user using the input device 14. Whether or not (step S31). This determination is also made in No. 1 in FIG. This corresponds to detecting the presence / absence of an operation corresponding to 01 “online start”.

  Here, when an online operation is detected (step S31, branch Yes), the programming device 10 (means 62) of the sequence program stored in the user memory of the PLC 19, that is, the password / operation restriction information 500 is stored. The head part is read and it is checked whether or not the header information 501 is set (step S32).

  If the header information 501 is set (step S32, branch Yes), the process proceeds to step S33, but if the header information 501 is not set (that is, the information 501 does not exist) (step S32). , Branch No), the process proceeds to step S38, where the user is permitted all the operation functions F in FIG. 6 so that the input device 14 related to all the operation functions F can be operated.

  On the other hand, in step S33, the password data 510 for all users and the operation restriction data 520 for all users in the password / operation restriction information 500 of the PLC 19 are read based on the header information 501. Then, based on the data 510 and 520, the user-specific access restriction information 50 (50-1, 50-2,...) For all users registered in the data 510 is generated.

  Next, the programming device 10 (means 62) prompts the user to input a password by displaying the screen on the display 15 (step S34). Here, when a password is input from the user, the means 62 uses the user-specific password data 51 (51-1, 50-1) in each user-specific access restriction information 50 (50-1, 50-2,...). 51-2,...) Is searched for whether there is a match with the input password of the user (step S35).

  If there is no password match and it is determined that the input password is invalid (step S35, branch No), the process returns to step S34 to instruct the user to input the password again.

  If there is a password that matches the password at Step S35 (Yes in branch), the user is authenticated, and the user-specific operation restriction data 52 is extracted from the user-specific access restriction information 50 for the user (Step S35). S36).

  Then, the means 62 enables the operation input related to the permitted operation function F, which is set in the user-specific operation restriction data 52 among the operation input (function-specific access operation) to be performed by the user. In addition, the operation input related to the prohibited operation function F is disabled (step S37).

10 Programming device 11 CPU
12 System memory 13 Sequence program memory 14 Input device 15 Display 16 Input / output interface (I / O)
17, 18 Common bus 19 Programmable controller (PLC)
20 Sequence Program 21 Password Circuit 22 Level Valid / Invalid Data 23 Password Data for Administrator 24 Password Data for Maintenance Man 25 Left Bus 26 Right Bus 31 Password Circuit Setting Means 32 Access Authority Judgment / Operation Function Restriction Means 40 User-Specific Operation Restrictions Function setting screen 41 User list screen 42 Operation function list screen 50 (50-1,..., 50-n) Access restriction information by user 51 (51-1,..., 51-n) By user Password data 52 (52-1,..., 52-n) User-specific operation restriction data 61 Password / operation restriction information setting means 62 User authentication / operation function restriction means 500 Password / operation restriction information 501 Header information 510 All User password data 520 Operation restriction data for all users F F1, F2, ···) operation function CB check box

Claims (8)

A programming device that operates a programmable controller that executes a sequence program to control a device to be controlled,
The programming device includes means for converting password data input based on an input operation by a user into a sequence command in which the device address of the programmable controller is replaced;
Means for inserting the sequence instruction into a sequence program as a pseudo circuit unrelated to the actual control of the programmable controller;
And a means for transferring the sequence program in which the pseudo circuit is inserted to the programmable controller by means for inserting into the sequence program. The sequence program is a sequence program programmed with a ladder diagram having a bus,
The programming device according to claim 1, wherein the pseudo circuit is configured regardless of an actual control of the programmable controller by being not connected to a bus in the ladder diagram.   The programming device according to claim 1, wherein the password data is an authority level permitting a predetermined operation on the programmable controller.   The programming device according to claim 1, wherein the password data is a plurality of authority levels for each operation type for the programmable controller, and is different for each level. A programming device according to claim 3 or claim 4, wherein
Level valid / invalid data for determining whether the authority level is valid or invalid is further inputted, and the means for converting into the sequence command is the device of the programmable controller in addition to the password data, the level valid / invalid data A programming apparatus characterized by converting into a sequence instruction replaced with an address. The programming device according to any one of claims 3 to 5,
When the online operation is performed, it is checked whether or not the pseudo circuit is set in the programmable controller. When it is determined that the pseudo circuit is set, the password is input to the user, and the password and the programmable controller are set. A programming apparatus characterized in that the authority level for the programmable controller is determined by comparing with a password that has been set, and an operation according to the level is permitted. The programming device according to claim 6, comprising:
When it is determined whether or not the pseudo circuit is set in the programmable controller, when it is determined that the pseudo circuit is not set, all the operations for the programmable controller are permitted. . A programmable controller that controls a device to be controlled by executing a sequence program edited by a programming device,
The programming device includes means for converting password data input based on an input operation by a user into a sequence command in which the device address of the programmable controller is replaced;
Means for inserting the sequence instruction into a sequence program as a pseudo circuit unrelated to the actual control of the programmable controller;
Means for transferring the sequence program in which the pseudo circuit is inserted by means for inserting into the sequence program to the programmable controller,
The programmable controller has storage means for holding a sequence program including the pseudo circuit transferred by the programming device, and is configured not to execute the pseudo circuit included in the sequence program held in the storage means The programmable controller characterized by being made.