Special functions of a CPU 41x-H
6.1 Security levels
S7-400H
78
System Manual, 03/2012, A5E00267695-11
CPU function
Security level 1
Security level 2
Security level 3
Forcing
Access granted
Password required
Password required
Updating the firmware without a
memory card
Access granted
Password required
Password required
Setting the security level with SFC 109 "PROTECT"
You can set the following security levels on your CPU with SFC 109:
●
SFC 109 call with MODE=0: Setting of security level 1. The SFC 109 call with MODE=0
overrides any existing lock of password legitimization.
●
SFC 109 call with MODE=1: Setting of security level 2 with password legitimization. This
means you can cancel the write protection set with SFC 109 if you know the valid
password. The SFC 109 call with MODE=1 overrides any existing lock of password
legitimization.
●
SFC 109 call with MODE=12: Setting of security level 3 without password legitimization.
This means you cannot cancel the write and read protection set with SFC 109 even if you
know the valid password. If a legitimate connection exists when you call SFC-109 with
MODE=12, the SFC-109 call has no effect on this connection.
Note
Setting a lower security level
You can use SFC 109 "PROTECT" to set a lower security level than the one you
configured with STEP 7 "Configure hardware".
Additional aspects
●
Both fault-tolerant CPUs of a fault-tolerant system can have different security levels in
STOP.
●
The security level is transferred from the master to the standby during link-up/update
operations.
●
The set security levels of both fault-tolerant CPUs are retained if you make modifications
to the plant during operation.
●
The security level is transferred to the target CPU in the following cases:
–
Switching to CPU with modified configuration
–
Switching to a CPU with expanded memory configuration
–
Switching to a CPU with modified operating system
–
Switching to a CPU using only one intact redundant link