Introduction, Setting password protection, Section 9 – Basler Electric BE1-700 User Manual

SECTION 9

• SECURITY

INTRODUCTION

In this section, security, in the form of multilevel password protection, is discussed along with the
information required for protecting specific function groups and user interface components against
unauthorized access.

Passwords provide access security for three distinct functional access areas: Settings, Reports, and
Control. Each functional area can be assigned a unique password or one password can be assigned to
multiple areas. A global password is used to access all three of the functional areas. BE1-700 passwords
are not case sensitive; either lowercase or uppercase letters may be entered. Password security only
limits write operations; passwords are never required to read information from any area.

Additional security is provided by controlling the functional areas that can be accessed from a particular
communication port. For example, security can be configured so that access to Control commands from
the rear Ethernet (COM1) is denied. Then, an attempt to issue a Control command through COM1 will
cause the relay to respond with an ACCESS DENIED and/or INVALID PASSWORD message. This will
occur whether a valid password is entered or not. When configuring communication port access areas,
you should be aware that the front RS-232 port (COM0) and the front panel HMI are treated as the same
port.

The communication ports and password parameters act as a two-dimensional control to limit changes.
For a command to be accepted, the entered password must be correct and the command must be
entered through a valid port. Only one password can be active at one time for any area or port. For
example, if a user gains write access at the optional rear Ethernet port, then users at other areas (COM0,
front panel HMI, and COM2) will not be able to gain write access until the user at the rear Ethernet port
uses the EXIT command to release access control.

If a port holding access privileges sees no activity (command entered or HMI key pressed) for
approximately five minutes, access privileges and any pending changes will be lost. This feature ensures
that password protection cannot be accidentally left in a state where access privileges are enabled for
one area and other areas locked out for an indefinite period.

If password protection is disabled, then entering ACCESS= followed by no password or any alphanumeric
character string will obtain access to the unprotected area(s).

Setting Password Protection

Password protection is configured for each access area port and communication port using
BESTCOMS

™. Alternately, password protection can be configured using the GS-PW ASCII command.

To configure password protection using BESTCOMS, select General Operation from the Screens pull-
down menu. Then select the Global Security tab. Refer to Figure 9-1.

NOTE

For security reasons, all change passwords are disabled by default on the
optional Ethernet port. You must use a serial connection to enable and upload
the desired change functions before changes will be allowed from the Ethernet
port.

9376700990 Rev M

BE1-700 Security

9-1