Securing an HMI is an important step to set users and user groups and grant them access to the HMI. If the default login remains unchanged, any user connected to the network can access the HMI using default passwords and is able to change PLC values. You should never allow users to access the HMI through a public IP, as the webserver on the PLC should be used only on a local network. To access the HMI from the internet, use the Mervis SCADA.

In the properties of each HMI page you can set a group of users able to access the said page. Each user can be assigned to single or multiple groups. Each group can be also set for both read/write or as a read-only.

By double-clicking in the left panel you can open:

• PLC (local webserver)
• Terminal (external webserver).

In the bottom panel of the PLC windows, look for HMI User Rights.

A list of users will appear. Change the default passwords immediately. You can also set a separate read-only or write user groups. The last two columns are for setting up which user will have admin rights and which will be the default one. If the default user has no password, the HMI will display with no password needed. If you use this setting, we recommend setting this user as read-only.

If you right-click into the blank space under the user tab, a menu will appear. Here, you can add more users. The rest of the options are for editing existing users and are available via a right-click on any of the users.

By clicking Group Definition tab on the bottom of the PLC window, group settings will open. In this panel you can add or manage user groups the same way as users, including a column for selecting a default group, which will be assigned automatically to every additional user.

All changes need to be confirmed to save them. Confirm by clicking OK in the red bar.

Below you can see an example of user configuration.

In the properties of each HMI page, you can set a user group able to access the page.