9.3.3.7
User authentication
Types of user authentication
For the OPC UA server of the S7-1500, you can set what authentication is required for a user
of the OPC UA client wishing to access the server.
You have the following options:
• Guest authentication
The user does not have to prove their authorization (anonymous access). The OPC UA
server does not check the authorization of the client user
If you want to use this type of user authentication, select the "Enable guest
authentication" option under "OPC UA > Server > Security > User authentication".
Note
To increase security, you should only allow access to the OPC UA server with user
authentication.
• User name and password authentication
The user has to prove their authorization (no anonymous access). The OPC UA server
checks whether the client user is authorized to access the server. Authorization is given by
the user name and the correct password.
If you want to use this type of user authentication, select the "Enable user name and
password authentication" option under "OPC UA > Server > Security > User
authentication".
Deactivate the guest authentication.
Enter the user in the "User management" table.
To do so, click the "<Add new user>" entry. A new user is created with an automatically
assigned name. You can edit the user name and enter the password for the user name.
You can add a maximum of 21 users.
• Additional user administration via the security settings of the project
The "Enable additional user administration via the security settings of the project" option
can be found under the general OPC UA settings (CPU properties: OPC UA > General). If
you select this option, the user management for the open project will also be used for
user authentication for the OPC UA server: The same user names and passwords are then
valid in OPC UA as in the current project.
Proceed as follows to activate user management for the project:
– Click "Security settings > Settings" in the project tree.
– Click the "Protect this project" button.
– Enter your user name and your password.
– Enter additional users under "Security settings > Users and roles".
If you configure an additional OPC UA server in your project, also select the option "Enable
additional user administration via the security settings of the project". Repeated input of
user names and passwords is then unnecessary.
Communication
Function Manual, 05/2021, A5E03735815-AJ
OPC UA communication
9.3 Using the S7-1500 as an OPC UA server
237