Setting options for the level of protection (S7-300, S7-400) - STEP 7

Functional description of S7-300/400 CPUs (S7-300, S7-400)
ft:publication_title
Functional description of S7-300/400 CPUs (S7-300, S7-400)
Product
STEP 7
Version
V20
Publication date
11/2024
Language
en-US
Setting options for the level of protection

Protection level

This section explains how to use the individual protection levels of the S7 CPUs and what influence the type of S7 CPU has on the parameter assignment and use of the respective protection level.

Default behavior

There is no password assignment in the default protection level behavior. This level of protection means "No protection".

A password can only be given if you have selected the option "Removable with password". This option gives you write access to the CPU in RUN mode if the CPU has been write-protected with the "PROTECT" instruction in the user program.

Note

If the default protection level of your CPU is active and your CPU supports the instruction "PROTECT", you can use this instruction to switch between the default protection level "No protection" and the protection level "Write protection".

Additional password-protected protection levels

A password is required for the following protection levels:

  • Write protection: With this protection level, only read-only access is available without entering the correct password, regardless of the keyswitch setting. To enable this protection level a password is required.

  • Write/read protection: With this protection level, neither read nor write access is available without entering the correct password, regardless of the keyswitch setting. A password must be assigned before this protection level can be selected.

Write and read access is possible if the password is known regardless of the level of protection set.

Behavior of a password-protected module during operation

The CPU protection takes effect after the settings are downloaded in the CPU.

Before an online function is executed, the necessary permission is checked and, if necessary, the user is prompted to enter a password.

Example: The module was assigned a protection level and you want to execute the "Modify tags" function. This requires write access; therefore, the assigned password must be entered to execute the function.

The functions protected by a password can only be executed by one programming device/PC at any one time. Another programming device/PC cannot log on with a password.

Access authorization to the protected data is in effect for the duration of the online connection, or until the access authorization is manually rescinded with "Online > Delete access rights".

Note

You can not restrict functions for process control, monitoring, and communications. Thus, for example, the "Set time of day/date" function cannot be locked with a password.