Rockwell Automation 1756 ControlLogix, 1756 GuardLogix, 1769 CompactLogix, 1769 Compact GuardLogix, 1789 SoftLogix Instruction Manual
...
Programming Manual
Logix 5000 Controllers Security
1756 ControlLogix, 1756 GuardLogix, 1769 CompactLogix,
1769 Compact GuardLogix, 1789 SoftLogix, 5069
CompactLogix, 5069 Compact GuardLogix, Studio 5000
Logix Emulate
Original Instructions
Logix 5000 Controllers Security
personal injury or death, property damage, or economic loss.
Attentions help you identify a hazard, avoid a hazard, and recognize the consequence.
IMPORTANT
SHOCK HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that dangerous voltage may be present.
temperatures.
for Personal Protective Equipment (PPE).
Important User Information
Read this document and the documents listed in the additional resources section about installation, configuration, and
operation of this equipment before you install, configure, operate, or maintain this product. Users are required to familiarize
themselves with installation and wiring instructions in addition to requirements of all applicable codes, laws, and standards.
Activities including installation, adjustments, putting into service, use, assembly, disassembly, and maintenance are required to
be carried out by suitably trained personnel in accordance with applicable code of practice.
If this equipment is used in a manner not specified by the manufacturer, the protection provided by the equipment may be
impaired.
In no event will Rockwell Automation, Inc. be responsible or liable for indirect or consequential damages resulting from the use
or application of this equipment.
The examples and diagrams in this manual are included solely for illustrative purposes. Because of the many variables and
requirements associated with any particular installation, Rockwell Automation, Inc. cannot assume responsibility or liability for
actual use based on the examples and diagrams.
No patent liability is assumed by Rockwell Automation, Inc. with respect to use of information, circuits, equipment, or software
described in this manual.
Reproduction of the contents of this manual, in whole or in part, without written permission of Rockwell Automation, Inc., is
prohibited.
Throughout this manual, when necessary, we use notes to make you aware of safety considerations.
WARNING: Identifies information about practices or circumstances that can cause an explosion in a hazardous environment, which may lead to
ATTENTION: Identifies information about practices or circumstances that can lead to personal injury or death, property damage, or economic loss.
Identifies information that is critical for successful application and understanding of the product.
Labels may also be on or inside the equipment to provide specific precautions.
BURN HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that surfaces may reach dangerous
ARC FLASH HAZARD:
will cause severe injury or death. Wear proper Personal Protective Equipment (PPE). Follow ALL Regulatory requirements for safe work practices and
Labels may be on or inside the equipment, for example, a motor control center, to alert people to potential Arc Flash. Arc Flash
2 Rockwell Automation Publication 1756-PM016O-EN-P - September 2020
Change
Topic
Updated branding.
Throughout
Summary of changes
This manual includes new and updated information. Use these reference
tables to locate changed information.
Grammatical and editorial style changes are not included in this summary.
Global changes
This table identifies changes that apply to all information about a subject in
the manual and the reason for the change. For example, the addition of new
supported hardware, a software design change, or additional reference
material would result in changes to all of the topics that deal with that subject.
Updated Legal notices. Legal notices on page 8
New or enhanced features
None in this release.
Rockwell Automation Publication 1756-PM016O-EN-P - September 2020 3
Summary of changes
Security overview
Configuring source protection
Table of Contents
Preface
in the Logix Designer
application
Studio 5000 environment .......................................................................... 7
Additional resources ................................................................................... 7
Legal notices ................................................................................................ 8
Chapter 1
Introduction ............................................................................................... 11
FactoryTalk Security .................................................................................. 11
Permission sets and Logical Names ................................................... 11
Source Protection ....................................................................................... 12
Chapter 2
Introduction ............................................................................................... 15
Considerations and limitations for License protection and locked
components .......................................................................................... 16
Enable source protection........................................................................... 18
Disable the Configure Source Protection menu option .......................... 18
Protect components with Source Keys ..................................................... 19
About source keys ................................................................................ 20
Source key names ................................................................................ 20
Source key file ....................................................................................... 21
Apply Source Key protection to a component ................................... 22
Specify a Source Key file and location ......................................... 24
View components without a key .................................................. 25
Verify source key protection on a component ............................ 26
Remove access to a protected routine ..................................................... 27
License Source Protection for components ............................................ 27
Protect components with Licenses .................................................... 28
Add Execution Protection to License-protected components ......... 29
Apply License Protection to one or more components .................... 30
Lock a component ................................................................................ 33
Lock all License-Protected content ..................................................... 34
Add an LV instruction to monitor license status ............................... 34
Share License privileges with other users on your network ............. 34
Provide License privileges to other users ..................................... 35
Provide license privileges for remote desktop users ................... 36
Securing a ControlLogix controller with the Logix CPU Security Tool . 39
Accessing a secured controller ................................................................. 42
Removing security from a controller with the CPU Security Tool ......... 43
Removing a password ................................................................................ 45
Rockwell Automation Publication 1756-PM016O-EN-P - September 2020 5
Table of Contents
Product policies and securable
actions supported by
FactoryTalk Security
Index
Appendix A
Product policies and securable actions ................................................... 48
6 Rockwell Automation Publication 1756-PM016O-EN-P - September 2020
Resource
Description
publication FTSEC-QS001
security.
website, http://ab.rockwellautomation.com
and other certification details.
Studio 5000 environment
Additional resources
Preface
This manual explains how to configure security for the Logix Designer™
application. It also explains how to set up source protection for your logic and
projects. This manual is one of a set of related manuals that show common
procedures for programming and operating Logix 5000 controllers.
For a complete list of common procedures manuals, refer to the
Logix 5000
Controllers Common Procedures Programming Manual, publication 1756-
PM001.
The term Logix 5000 controller refers to any controller based on the Logix
5000 operating system.
The Studio 5000 Automation Engineering & Design Environment® combines
engineering and design elements into a common environment. The first
element is the Studio 5000 Logix Designer® application. The Logix Designer
application is the rebranding of RSLogix 5000® software and will continue to
be the product to program Logix 5000™ controllers for discrete, process,
batch, motion, safety, and drive-based solutions.
Rockwell Automation Publication 1756-PM016O-EN-P - September 2020 7
The Studio 5000® environment is the foundation for the future of
Rockwell Automation® engineering design tools and capabilities. The Studio
5000 environment is the one place for design engineers to develop all
elements of their control system.
These documents contain additional information concerning related
products from Rockwell Automation.
Industrial Automation Wiring and Grounding
Guidelines, publication 1770-4.1
FactoryTalk Security System Configuration Guide,
Product Certifications
Provides general guidelines for installing a
Rockwell Automation industrial system.
Provides additional information on FactoryTalk™
Provides declarations of conformity, certificates,
Preface
Legal notices
You can view or download publications at
http://www.rockwellautomation.com/literature/
. To order paper copies of
technical documentation, contact your local Allen-Bradley™ distributor or
Rockwell Automation™ sales representative.
Rockwell Automation publishes legal notices, such as privacy policies, license
agreements, trademark disclosures, and other terms and conditions on the
Legal Notices
page of the Rockwell Automation website.
End User License Agreement (EULA)
You can view the Rockwell Automation End User License Agreement (EULA)
by opening the license.rtf file located in your product's install folder on your
hard drive.
The default location of this file is:
C:\Program Files (x86)\Common Files\Rockwell\license.rtf.
Open Source Software Licenses
The software included in this product contains copyrighted software that is
licensed under one or more open source licenses.
You can view a full list of all open source software used in this product and
their corresponding licenses by opening the oss_license.txt file located your
product's OPENSOURCE folder on your hard drive. This file is divided into
these sections:
• Components
Includes the name of the open source component, its version number,
and the type of license.
• Copyright Text
Includes the name of the open source component, its version number,
and the copyright declaration.
• Licenses
Includes the name of the license, the list of open source components
citing the license, and the terms of the license.
The default location of this file is:
8 Rockwell Automation Publication 1756-PM016O-EN-P - September 2020
C:\Program Files (x86)\Common Files\Rockwell\Help\<product
name>\Release Notes\OPENSOURCE\oss_licenses.txt.
You may obtain Corresponding Source code for open source packages
included in this product from their respective project web site(s).
Alternatively, you may obtain complete Corresponding Source code by
Preface
contacting Rockwell Automation via the Contact form on the Rockwell
Automation website:
http://www.rockwellautomation.com/global/aboutus/contact/contact.page. Please include "Open Source" as part of the request
text.
Rockwell Automation Publication 1756-PM016O-EN-P - September 2020 9
Introduction
FactoryTalk Security
Permission sets and
Chapter 1
Security overview
This chapter provides an overview of the security features available in the
Logix Designer application.
The following features are the main security features that protect controller
projects:
• FactoryTalk® Security software, which provides permission-based
control.
• Source Protection, which protects the logic in controller projects.
FactoryTalk® Security integrates a common security model across all
FactoryTalk enabled products. FactoryTalk® Services Platform (FTSP)
includes the FactoryTalk Administration Console that provides the interface
for configuring your system. FactoryTalk Services Platform (FTSP) software is
installed during the installation of the Logix Designer application.
Logical Names
Use FactoryTalk Security to control access to the logic in your projects with
centrally managed, role-based policy enforcement.
For more information about FactoryTalk Security, see the
Security System Configuration Guide, publication FTSEC-QS001.
Permission sets and Logical Names identify a set of actions that are allowed
or denied for one or more user groups or computer groups. You use
permission sets and Logical Names to define user permissions in the
FactoryTalk Administration Console. Use permission sets to apply the same
permissions to multiple controllers or project components. Use a Logical
Name to associate permissions with a specific controller. When you use a
Logical Name, it must match the name of the controller.
When a user opens a project that has been secured with a permission set or a
Logical Name and configured to use only the selected security authority, the
Logix Designer application checks the ID of the FactoryTalk Directory to see if
it matches the ID stored in the project.
• If the ID matches, the Logix Designer application checks the directory
and finds the Logical Name (that matches the controller name), or the
permission set associated with the project, and gets the permissions
for the current user/computer combination.
• If the ID does not match, the project uses the Guest User permissions
defined for that permission set or Logical Name.
FactoryTalk
Rockwell Automation Publication 1756-PM016O-EN-P - September 2020 11
Chapter 1 Security overview
Source Protection.
versions 30 and 31 of the Logix Designer application.
Source Protection
When a user opens a project that has been secured but has not been
configured to use only the selected security authority, the Logix Designer
application checks the connected FactoryTalk Directory, finds the Logical
Name or the permission set associated with the project, and gets the
permissions for the current user/computer combination. Rockwell
recommends configuring the project to use only the selected security
authority to maintain control over the directory that secures the project.
Permissions for Guest Users
When you configure permission sets and logical names in the FactoryTalk
Administration Console, you can also configure permissions for Guest Users.
The permissions for Guest Users determine the level of access for users who
are not authenticated on the same FactoryTalk directory that the project was
secured with.
Permissions for Guest Users are cached in the project file to which they are
associated. However, the permissions are only stored in the project file for
permission sets that have been applied to objects by a user of the primary
FactoryTalk directory.
Refer to the FactoryTalk online help for more information on permissions for
Guest Users.
Source Protection limits users' ability to view and edit routines and Add-On
Instructions, including equipment phase state routines, without the
associated source key or license. Apply Source Key Protection or License
Source Protection to routines and Add-On Instructions. Apply Execution
Protection to license-protected components to allow execution only on
controllers with a specific execution license.
When protecting a component with License Source Protection, optionally lock
the the component. A locked component does not require the source license to
open the project or execute the locked component, allowing more secure
distribution. A user with the correct license must unlock a component to allow
viewing or editing. Rockwell recommends locking unlocked components in
projects that are distributed from trusted development environments to
unsecured environments to safeguard your intellectual property.
Tip: Routines and Add-On Instructions are currently the only project component types that support
12 Rockwell Automation Publication 1756-PM016O-EN-P - September 2020
Tip: Execution Protection and component locking is supported only on Compact GuardLogix 5380,
CompactLogix 5380, CompactLogix 5480, ControlLogix 5580, and GuardLogix 5580 controllers in
License Source Protection and Execution Protection Licenses require the use
of CmSticks and CmCards:
device is not required to open a project containing locked components.
Protection option
Supported controllers
Description
Source Key (Password-based)
All Logix 5000 controllers
Simple legacy protection, not recommended for hardened
from the source code.
Chapter 1 Security overview
• On the computer running the Logix Designer application, a CmStick,
CmCard, or other compatible Wibu device that contains licenses
required for opening a license-protected project and working with
project components.
Tip: On CompactLogix 5380, CompactLogix 5480, ControlLogix 5580, Compact GuardLogix
5380, and GuardLogix 5580 controllers, a CmStick, CmCard, or other compatible Wibu
• On the controller, a CmCard that contains execution licenses required
to run a project that contains components protected with Execution
Protection. If a required execution license is missing, the project does
not download to the controller. If the project has already been
downloaded and the license expires or the CmCard is removed, a
major fault occurs when the controller is switched to Run mode.
The following table describes the types of Source Protection available.
Source Protection
License Source Protection CompactLogix 5370, ControlLogix
5570, Compact GuardLogix 5370,
and GuardLogix 5570 controllers
License Source Protection
(Locked)
CompactLogix 5380,
CompactLogix 5480, ControlLogix
5580, Compact GuardLogix 5380,
and GuardLogix 5580 controllers
intellectual property protection.
• Component source code (logic) is protected with a
password.
• Password must be available to view or edit protected
components.
• Optionally, can be configured to allow logic to be viewed
when password is not available.
Hardened intellectual property protection for sensitive
content:
• Component source code (logic) is protected with a
License on a CmStick installed on the computer running
the Logix Designer application.
• License must be present to open or import the file
containing the protected components.
• Licenses can be configured with different access levels
to allow viewing or editing protected components..
Provides hardened intellectual property protection for
sensitive content and allows easy transfer of projects:
• Component source code (logic) is protected with a
license on a CmStick installed on the computer running
the Logix Designer application.
Executable code is protected and stored separately
•
License Source Protection
(Unlocked)
Rockwell Automation Publication 1756-PM016O-EN-P - September 2020 13
CompactLogix 5380,
CompactLogix 5480, ControlLogix
5580, Compact GuardLogix 5380,
and GuardLogix 5580 controllers
Provides protection and access control based on
permissions in the license:
• Users without a dongle can work with unprotected
parts of the project, but users cannot view or edit the
protected content. The dongle is required to work with
the protected content.
• To lock or unlock a component, the source license must
be present on a CmStick plugged into the computer
running the Logix Designer application, and the license
must contain the View permission.
Chapter 1 Security overview
Protection option
Supported controllers
Description
License Source Protection +
License Execution Protection
CompactLogix 5380,
CompactLogix 5480, ControlLogix
5580, Compact GuardLogix 5380,
and GuardLogix 5580 controllers
Limits execution of valuable content to only authorized
controllers:
• Provides same protection as License-based Source
Protection.
• Additionally, components can be protected with an
Execution License.
• Protected components can only be downloaded and
executed on a controller that contains a CmCard with
the correct execution license.
14 Rockwell Automation Publication 1756-PM016O-EN-P - September 2020
Tip: You can optionally allow source-protected components to be available in a read-only
versions 30 and later of the Logix Designer application.
Tip: Execution Protection and component locking is supported only on Compact
GuardLogix 5580 controllers in version 30 of the Logix Designer application.
Introduction
Chapter 2
Configuring source protection in the Logix
Designer application
This chapter describes how to enable and apply source protection for your
Logix Designer components, such as routines and Add-On Instructions. You
can protect project components using Source Key protection or License
protection. You can also apply Execution Protection to source-protected
components to allow execution only on controllers with a specific execution
license.
Source Key protection:
• Protects components using existing source keys.
format on a system that does not have the source key required for access.
License protection:
• Protects components with specific licenses.
Tip: License Source Protection is not supported on Sequential Function Chart routines in
• Execution Protection is an extension of License-Based Source
Protection. You can apply Execution Protection to limit the execution
of routines and Add-On Instructions, including equipment phase state
routines, to controllers that contain a specific execution license.
• When you protect a component with License Source Protection, you
can also lock it. When you lock a component, the routine's logic is
compiled into executable code and encrypted. It is only decrypted by
the controller when it is ready to be executed. As a result, project files
containing locked components can be shared with users without
licenses to work with the locked components. Those users can work
with unprotected parts of the project, upload and download the project
file, and even copy and paste locked components into other project
files. Rockwell recommends locking unlocked components in projects
that are distributed from trusted development environments to
unsecured environments in order to safeguard your intellectual
property.
Rockwell Automation Publication 1756-PM016O-EN-P - September 2020 15
GuardLogix 5380, CompactLogix 5380, CompactLogix 5480, ControlLogix 5580, and
Chapter 2 Configuring source protection in the Logix Designer application
Limitation
Affects routines
Affects AOIs
Cannot resize an array that is referenced by a locked routine.
x
Considerations and
Keep the following considerations and limitations in mind when using
License Source Protection with routines and Add-On Instructions for
limitations for License
protection and
CompactLogix 5380, CompactLogix 5480, ControlLogix 5580, Compact
GuardLogix 5380, and GuardLogix 5580 controllers.
locked components
• Sequential Function Chart routines cannot be protected with License
Source Protection and execution protection.
• Function Block Diagram routines cannot be protected with License
Source Protection and execution protection.
• You cannot overwrite a locked routine with a locked routine of a
different language. If a locked routine needs to be replaced with a
locked routine of a different language, first unlock the routine in the
target file.
• You cannot overwrite a locked routine with an unlocked routine, and
vice versa. To replace a locked routine with an unlocked routine, and
vice versa, first delete the routine to be replaced.
• If you overwrite a locked ladder logic routine that contains label (LBL)
instructions with a locked ladder logic routine that contains similar
labels, other workstations can lose correlation with the project. To
recover correlation, upload the project on the affected workstations.
• The controller SD card holds a maximum of 63 active or expired
licenses, plus the Rockwell activation license for Execution Protection.
If the SD card contains more than 64 licenses, downloads with licenseprotected content fail to the controller. To remove unwanted licenses,
use the removal option on the Wibu administration portal.
• When you lock an Add-On Instruction, the data included in tags is
protected but not to the extent that the logic is protected. If your tags
contain sensitive data, Rockwell recommends putting that data in
literals rather than in tags. Literals are protected at the same level as
the logic in locked routines and Add-On Instructions. In
programmable logic, a literal is a value that is expressed as itself rather
than as a variable's value or the result of an expression.
16 Rockwell Automation Publication 1756-PM016O-EN-P - September 2020
Cannot change the target of an alias that is referenced by a locked
routine.
Limitations for locked components
After a routine or an Add-On Instruction (AOI) is locked, strict limits apply to
changes made to the routine or to other components the routine references.
This table lists limitations that apply to locked components. An authorized
user can run a locked component. To view or edit a component an authorized
user must unlock the component.
x
Limitation
Affects routines
Affects AOIs
allowed.
to a tag of a different type.
element to a target at a different offset from the beginning of the tag.
Cannot change a Produced tag that is used in an IOT instruction to
anything other than a Produced or Module Output tag.
x
Cannot change a Consumed tag to anything other than a Produced,
locked routine.
x
locked routine.
routine.
referenced by a locked routine or AOI.
routine.
Defined Tag that is referenced by a locked routine.
Chapter 2 Configuring source protection in the Logix Designer application
Cannot change a BOOL alias that targets the bit of an integer to target a
x
different bit. However, changing the alias to target a different integer is
Cannot change the target of an alias that is referenced by a locked routine
Cannot change the target of an alias of a member of a UDT or array
x
x
Cannot change an alias referenced by a locked routine to a base tag. x
Cannot change a base tag that is referenced by a locked routine to an
x
alias.
Cannot change an InOut program parameter that is referenced by a locked
x
routine to anything other than an InOut program parameter.
Cannot change a Produced tag to anything other than a Produced,
x
Consumed, Module Input tag or Module Output tag when the Produced tag
is:
• Referenced by a locked routine, and
• Used in a COP, CPS, MAOC or as an InOut argument to an AOI in that
locked routine.
Consumed, Module Input tag, or Module Output tag when the Consumed
tag is:
• Referenced by a locked routine, and
Used in a COP, CPS, MAOC or as an InOut argument to an AOI in that
•
Cannot change a Module Input tag to anything other than a Produced,
Consumed, Module Input tag, or Module Output tag when the Module Input
tag is:
• Referenced by a locked routine, and
Used in a COP, CPS, MAOC or as an InOut argument to an AOI in that
•
Cannot change a Module Output tag to anything other than a Produced,
Consumed, Module Input tag, or Module Output tag when the Module
Output tag is:
• Referenced by a locked routine, and
• Used in a COP, CPS, MAOC or as an InOut argument to an AOI in that
locked routine.
Cannot change a Module Output tag that is used in an IOT instruction to
anything other than a Produced or Module Output tag.
Cannot change a standard tag referenced by a locked routine to a
Produced, Consumed, Module Input, or Module Output tag, if that tag is
used by a COP, CPS, MAOC or used as an AOI InOut argument in that locked
Cannot re-order the members of a User Defined Type of a tag that is
Cannot change the data type of a tag that is referenced by a locked
Cannot update a profile in a way that changes the data type of a Module
x
x
x
x
x x
x
x x
Rockwell Automation Publication 1756-PM016O-EN-P - September 2020 17