You can find more information about the API methods in the Web server Function Manual
(https://support.industry.siemens.com/cs/de/en/view/59193560).
Note
Passwords changed at runtime take priority over loaded passwords
If you have changed your password during running operation and subsequently load your
project, the password assigned during runtime takes precedence over the password set in the
project (default setting).
If you want to overwrite the passwords changed during runtime by loading the project, you
have to select the option "Load all user administration data (reset to project data)". In this
case, all passwords changed during runtime will be lost.
11.3.3
From the access level to the function right of users
The following section shows how to implement access protection with the new local user
administration for CPUs.
Access levels as function rights
Where access could only be controlled via passwords with R/H-CPUs up to FW version V3.0,
you can create the appropriate users and roles with the necessary function rights for access
control with CPUs as of FW version V3.1. The assignment between access level and the
associated function right results from the already known access levels:
• Users who are to have full access must have a role with the function right "Full access", or
"Full access incl. failsafe" for F-CPUs.
A CPU configuration can only be compiled and loaded if at least one user has the function
right "Full access" or "Full access incl. failsafe".
• Users who are to have read access must have a role with the function right "Read access".
• Users who are to have HMI access must have a role with the function right "HMI access".
If a user does not have any of these specified function rights, that user also has no access to
the CPU.
The hierarchical organization of the access levels also remains the same for the
corresponding function rights:
• A user with full access also has the function rights "Read access" and "HMI access".
• A user with read access also has the function right "HMI access".
Note
Compatibility of the "ENDIS_PW" instruction
The "ENDIS_PW" instruction can only be used to disable or enable passwords for access levels.
The "ENDIS_PW" instruction has no effect on assigned rights for users or roles.
S7-1500R/H redundant system
System Manual, 01/2024, A5E41814787-AF
Protection
11.3 Local user management
347