Applications & Tools. Configuring Electronic Signatures in SIMATIC PCS 7. SIMATIC PCS 7 V8.0 SP1, SIMATIC Logon V 1.5. Application May 2014



Siemens Industry Online Support

This entry is taken from Siemens Industry Online Support. The following link takes you directly to the download page of this document: http://support.automation.siemens.com/ww/view/en/66926225

Please also actively use our Technical Forum in Siemens Industry Online Support regarding this subject. Share your questions, suggestions or problems and discuss them with our strong forum community: http://www.siemens.com/forum-applications

V1.2, Entry ID: 66926225


Warranty and Liability

Note: The Application Examples are not binding and do not claim to be complete regarding the circuits shown, equipping and any eventuality. The Application Examples do not represent customer-specific solutions. They are only intended to provide support for typical applications. You are responsible for ensuring that the described products are used correctly. These application examples do not relieve you of the responsibility to use safe practices in application, installation, operation and maintenance. When using these Application Examples, you recognize that we cannot be made liable for any damage/claims beyond the liability clause described. We reserve the right to make changes to these Application Examples at any time without prior notice. If there are any deviations between the recommendations provided in these application examples and other Siemens publications, e.g. catalogs, the contents of the other documents have priority.

We do not accept any liability for the information contained in this document. Any claims against us, based on whatever legal reason, resulting from the use of the examples, information, programs, engineering and performance data etc. described in this Application Example shall be excluded. Such an exclusion shall not apply in the case of mandatory liability, e.g. under the German Product Liability Act (Produkthaftungsgesetz), in case of intent, gross negligence, or injury of life, body or health, guarantee for the quality of a product, fraudulent concealment of a deficiency or breach of a condition which goes to the root of the contract (wesentliche Vertragspflichten). The damages for a breach of a substantial contractual obligation are, however, limited to the foreseeable damage, typical for the type of contract, except in the event of intent or gross negligence or injury to life, body or health. The above provisions do not imply a change of the burden of proof to your detriment.

Any form of duplication or distribution of these Application Examples or excerpts hereof is prohibited without the expressed consent of Siemens Industry Sector.

Table of Contents

Warranty and Liability
1 Task
2 Solution
2.1 Overview of the general solution
2.2 Description of the core functionality
3 Function Mechanisms
3.1 Dynamic link library EsigWinCCInterface.dll
3.2 Functions and modules for configuration
3.3 Functions and modules for Runtime
4 Installation
5 Description of the User Interface
5.1 User interface for configuration
5.1.1 Menu
5.1.2 Dialog Configuration
5.1.3 Dialog Reset Parameters
5.1.4 Dialog Configure Electronic Signatures in Database
5.2 User interface in Runtime
6 Sample Project
6.1 Preparatory steps before using the sample project
6.1.1 Creating user groups and users in Windows
6.1.2 Changing the configured computer name
6.2 Description of the sample project
6.2.1 Area button Configuration
6.2.2 Area button Example 1
6.2.3 Area button Example 2
6.2.4 PCS 7 message system operation list
7 Applying Electronic Signatures to Specific Projects
7.1 Preparatory steps for configuration
7.1.1 Importing macros
7.1.2 Adapting the template file
7.1.3 Integrating global scripts
7.1.4 Configuring the database
7.1.5 Configuring the messages in Alarm Logging
7.2 Configuration
7.3 Removal of an Electronic Signature from an object
7.4 Qualification and test of the application in the project
8 Links & Literature
9 History

1 Task

In many industries, especially the pharmaceutical and food sector, there are often situations requiring different critical operator actions which have to be authorized by means of an Electronic Signature. Such kinds of operator actions may include, for example:

- adjusting a setpoint value
- executing a switching operation
- starting a sequence of operations
- starting a batch operation

Depending on the specific task, an operation may require a 4-eyes principle. This means that an operation must be approved by at least two different persons. Release shall be given with the help of an Electronic Signature which, for traceability purposes, shall be stored in a long-term archive. The archive entries must be suitable to identify which operations have been performed by whom and when, including the date and time of their acknowledgement.

Figure 1-1

2 Solution

2.1 Overview of the general solution

The function principle of the solution presented here is as follows: In order to perform critical operator actions at the PCS 7 operator systems, this intervention must be verified by one or more users with an Electronic Signature. Authentication of the individual users is effected with SIMATIC Logon by means of an authorization prompt. The persons with authorization are defined in the different user groups. When all required signatures are available, the critical operation will be executed. The associated signature data (time, user, operator action, operator station) will be written to the PCS message archive in the form of an audit trail.

Figure 2-1

Advantages

Using this application offers the following advantages:

- dialog-based configuration of multiple, role-based Electronic Signatures
- easy integration of the functions in a PCS 7 project
- reduced costs and minimized configuration time through the use of preconfigured modules
- the plant is operated only by authorized personnel, thus increasing the protection against faults and errors
- excellent traceability of significant operator actions
- easy documentation by means of automatically generated audit trails in PCS 7
- long-term archiving of the Electronic Signatures ensured by the PCS 7 archiving concept

Alternatives

The solution described in this document is quite comprehensive and fulfills the requirements of multiple Electronic Signatures with a role concept. Less complex e-signature solutions may be realized on the basis of the following functions of SIMATIC Logon:

- Verify Logon
- Authenticate User
- Authenticate User no GUI

Further information on these functions and details about their usage are described in the SIMATIC Logon Programming Guide Edition 03/2009 (A5E00734600-03). For further information on SIMATIC, please refer to the following entry: http://support.automation.siemens.com/ww/view/en/62563251

Installation

The file Setup_e.exe includes all scripts and modules required for the use of Electronic Signatures, as well as a sample project which will also be installed.

Validity

The function is suitable for use with the following software:

- PCS 7 V8.0 SP1 and SIMATIC Logon V1.5
- PCS 7 V8.0 SP1 inclusive SIMATIC BATCH and SIMATIC Logon V1.5
- PCS 7 web client (as an option)

Note: Electronic Signatures can be used in SIMATIC BATCH in two different places:

1. In the recipe properties in tab ESIG.
2. In the project properties for recipes, libraries and formulas.

Assumed knowledge

Basic knowledge of SIMATIC PCS 7, SIMATIC Logon and the Microsoft operating system is assumed.

2.2 Description of the core functionality

Principle of the core functionality

Figure 2-2

Table 2-1 (No. / Action)

3. The operator wants to change the status of an object or the value of a variable.
4. The change is acknowledged by authorized personnel with an Electronic Signature.
5. After successful entry of the signature, an audit trail message will be generated.
6. When all required signatures are available, the operation will be executed.

A dialog opens, requesting the entry of an Electronic Signature. If more than one signature is required, it can be defined whether these signatures shall be entered in one, or in more than one session. After successful signing, a corresponding entry will be generated in the PCS 7 message system. If the signing process is aborted, a warning prompt will appear. In addition, an audit trail message with information on the specific object change will be generated in the PCS 7 message system.

3 Function Mechanisms

The functionality of Electronic Signatures is enabled with the help of some programs and scripts. With the setup file included in the delivery, these programs and scripts are installed on the operator system and registered in the WinCC Graphics Designer. Furthermore, the file EsigWinCCInterface.dll will be copied to the installation directory of WinCC. These functions are briefly described in the following chapters.

Note: The application example was also tested in a redundant system environment. If the solution is to be used in the context of such a system, it is absolutely necessary that the project is configured on only one system. After that, the project must be transferred to the redundant system with the WinCC Project duplicator.

3.1 Dynamic link library EsigWinCCInterface.dll

The dll file EsigWinCCInterface.dll includes some help functions for the generation of tag structures. The prototypes of these structures are required for the instances of the different Electronic Signatures, which are also created with the help of dll functions. The dll functions are used in the VBA script esigconfdlgwithdb for the generation of Electronic Signatures.

3.2 Functions and modules for configuration

The table below shows a list of all functions and modules required for the configuration of Electronic Signatures in PCS 7 Graphics Designer. In the course of configuration these functions can be selected by clicking the esignature menu.

Table 3-1

| Module | Description |
|---|---|
| MenuBar.bas | Shows the user-specific esignature menu in Graphics Designer. The following menu items are available under esignature: Assign esignature; Reset esignature parameters; Configure the esignatures parameters in the DB; Create esignature table in DB. |
| WinCCTagDlg.bas | Shows the PCS 7 tag dialog box. This dialog is called by selecting the function Reset esignature parameters and it is used for the display and selection of tags. |
| WinCCUserGroups.bas | Includes various functions for configuration and provides a list of all available PCS 7 user groups. |
| TextLibrary.bas | Includes various functions for switching over between different languages (German/English) in the different configuration dialogs. |

Table 3-1 (continued)

| Module | Description |
|---|---|
| Common.bas | Includes a number of constants required in the whole project which are referenced by the individual modules. |
| CreateTableInDB.bas | Includes various functions for the generation of the configuration table in the PCS 7 database. This table contains the data required for Electronic Signatures; if not yet available, the table will be created by the function Create esignature table in DB. |
| esigconfdlgwithdb.frm | Dialog for configuration. |
| esigresetparamdlg.frm | Dialog to reset the Electronic Signature. |
| esigconfigdb.frm | Dialog for the configuration of Electronic Signatures in the database. |

3.3 Functions and modules for Runtime

The application of the Electronic Signatures function in OS runtime requires the use of some global scripts. The Global Script Editor offers the following functions:

Table 3-2

| Function | Description |
|---|---|
| DeleteSignaturesFromCurrentSession.bmo | Global project function for the deletion of accomplished signatures, if the current session has been aborted. |
| CreateSigMsgs.bmo | Global project function for the generation of an audit trail message after a signature has been entered, or if the session has been aborted. |
| ResetESignatureParam.bmo | Global project function used to reset the parameters after successful signature process. This script is called from the project image of the automation object. |
| GetSignatureRecordFromDatabase.bmo | Global project function used to read out the configuration files from the PCS 7 database and to write them to the associated tag structures. This function must be called via the start display using the event Open Picture. In the sample project, this function can also be called from the administrator display. |
| Init_Esig_Dlg.bmo | Global project function used to initialize and open the dialog box for Electronic Signatures. |
| CreateESignature_AuditTrail.fct | Global project function for the generation of audit trail messages for the individual signatures in the PCS 7 message system. |

4 Installation

With the help of the setup file you install all components required for Electronic Signatures. Then you can integrate the functionalities into a customer-specific PCS 7 project. The setup program also includes the installation of the PCS 7 sample project. For the installation of the components you must have Windows administrator rights.

Note: The sample project has been created with PCS 7 V8.0 SP1. If the project is used on a later PCS 7 version, it must be converted with the project migrator beforehand.

Functions and modules

All required PCS 7 modules and functions are copied to the subdirectory esignature in the WinCC installation directory. The following files are copied:

Table 4-1

| Type | File |
|---|---|
| VBA Module | TextLibrary.bas, WinCCTagDlg.bas, WinCCUserGroups.bas, MenuBar.bas, Common.bas, CreateTableInDB.bas |
| Forms (dialogs) | esigconfdlgwithdb.frm, esigresetparamdlg.frm, esigconfigdb.frm |
| Global C standard function | CreateESignature_AuditTrail.fct |
| Global VBS functions | DeleteSignaturesFromCurrentSession.bmo, CreateESigMsgs.bmo, ResetESignatureParam.bmo, GetSignatureRecordFromDatabase.bmo, Init_SLEsig_Dlg.bmo |

DLL (Dynamic Link Library)

The DLL EsigWinCCInterface.dll is used in the VBA modules and will be installed to the WinCC installation directory, subdirectory Bin.

PCS 7 sample project

The PCS 7 sample project will be copied to the directory C:\Documents and Settings\All Users\ApplicationData\Siemens\eSig_DemoProject.

5 Description of the User Interface

5.1 User interface for configuration

5.1.1 Menu

There is a separate menu list for the configuration of Electronic Signatures. This menu list is added to the menu bar in Graphics Designer.

Figure 5-1

Table 5-1

| Function | Description |
|---|---|
| Assign esignature | Opens a dialog for the configuration of a new Electronic Signature for the selected object. |
| Reset esignature parameters | Opens a dialog for the configuration of the function Reset esignature parameters for the selected object. |
| Configure the esignature parameters in the DB | Opens a dialog where previously configured Electronic Signatures stored in the database can be changed. |
| Create esignature table in DB | Used to create a configuration table for the esignature data in the PCS 7 database, if this table is not yet available. |

5.1.2 Dialog Configuration

Select the menu commands esignature > Assign esignature to open the configuration dialog for Electronic Signatures.

Figure 5-2

Table 5-2

| Field | Description |
|---|---|
| Unique Tag Name | The name specified for the Electronic Signature must be unique throughout the whole project. The default setting in this field is: esig_<picture name>_<object name>. The prefix esig_ cannot be changed. |
| Object Name | Name of the automation object for which the Electronic Signature is configured. This name will later also be used in the audit trail of the Electronic Signature in the PCS 7 message system. |
| Operation | Describes the type of operation to be executed after successful application of the Electronic Signature. |
| Operation text with source and target values | If this option is activated, the operation text displayed in the Runtime dialog for Electronic Signatures will also indicate the source and target values. |
| Area | Here you can enter some information about the plant area. |
| Unit | Here you can enter some information about the unit type of the value to be changed. |

Table 5-2 (continued)

| Field | Description |
|---|---|
| Quantity of signatures | Specifies the number of signatures required to execute the operation. This number may range from 1 to 3. The default setting is 1. |
| Audit Trail Message No. | Message number of the audit trail which is generated after successful signing. If more than one signature is required, a separate audit trail record will be created for each signature. The default message no. setting is 1000. |
| Timeout | Period in seconds during which the Electronic Signature(s) are to be made. The default value is 0 (no time limit). |
| Signature order | If more than one signature is required, you can define whether these signatures shall be made in a specific order. The default setting is any order. |
| Input session | If more than one signature is required, you may define whether these signatures shall be entered in one or in different sessions. The default setting is in different sessions. |
| Reset after execution of all signatures | If this option is activated, all signature parameters will be reset after successful completion of the signature process. This option is activated by default. |
| Details of the user information | The following options are available: User ID; Full name; User ID and full name. The default setting is User ID. |
| Available WinCC user groups | List of all user groups configured in the operator system (user administrator). |
| Selected groups | List of those user groups which have to make an Electronic Signature for this object. |
| (button) | Used to shift the selected group to the Selected groups list. |
| (button) | Used to remove the selected group from the Selected groups list. |
| (button) | Used to move the selected user group in the Selected groups list one place upwards. |
| (button) | Used to move the selected user group in the Selected groups list one place downwards. |
| Assign esignature | After a click on this button, the function will be configured for the selected object. The event Mouse Action generates a VB script which calls the input dialog and transfers the required parameters. Furthermore, an auxiliary object (rectangle) for the generation of the audit trail messages will be created. |
| Cancel | A click on this button closes the dialog without any further actions. |

5.1.3 Dialog Reset Parameters

Open the configuration dialog for the function Reset Parameters by clicking the menu commands esignature > Reset esignature.

Figure 5-3

Table 5-3

| Field | Description |
|---|---|
| Unique Tag Name | The name corresponds to the unique name specified in the configuration dialog for the Electronic Signature. This is the structure tag name of the Electronic Signature to be reset after the Electronic Signature has been successfully applied. |
| (button) | Used to open the tag dialog. Note: It is not possible to select the instance name of the structure tag. You may, however, select any tag from the structure, since the program will identify the structure automatically. |
| (button) | Used to shift the current structure to the list of Selected Objects. Several structure tags can be added. |
| Selected Objects | List of selected instances (automation objects) the Electronic Signature parameters of which shall be reset. |
| Reset parameter | Used to configure the function Reset esignature parameters at the selected object. This is effected by creating a VB script at the event Mouse Action, which resets the parameters of the signatures in this list. |
| Cancel | Used to close the dialog without any further actions. |

5.1.4 Dialog Configure Electronic Signatures in Database

The configuration dialog for the configuration of previously defined signatures in the database can be opened with the menu commands esignature > Configure the esignature parameters in the DB.

Figure 5-4

Table 5-4

| Field | Description |
|---|---|
| Electronic Signatures | This list includes all Electronic Signatures of the current PCS 7 project. When clicking an Electronic Signature from this list, the relevant parameters will be shown in the corresponding fields. |
| Number of signatures | Shows the number of required signatures. This parameter cannot be changed. |
| Signature order | Shows whether the signatures are to be made in a specific order or not. If more than one signature is required, this parameter can be modified. |
| Input session | Shows whether the signatures are to be entered in one session or not. If more than one signature is required, this parameter can be modified. |

Table 5-4 (continued)

| Field | Description |
|---|---|
| Details for User Information | Shows the original configuration. The following options can be selected: User ID; Full name; User ID and full name. |
| Audit Trail Message No. | Shows the initially configured message number. Another message number may be entered. Note: The program does not check whether the entered message number has actually been configured. |
| Timeout | Shows the initially configured time in seconds. If the input field shows 0, the Electronic Signature can be entered without a time limit. |
| WinCC user groups 1/2/3 | Shows the configured user groups which have to make an Electronic Signature. The selection fields for the 2nd and 3rd user group will be active only if the Number of Signature field shows 2 or 3. Selection may refer to any configured OS user groups. Note: If the configured user group is no longer available in PCS 7, e.g. because it has been deleted in the User Administrator dialog, this selection field will be marked as missing (highlighted in red). |
| Modify | Used to transfer the edited configuration of the selected Electronic Signature to the database. |
| Delete | Used to delete a selected signature from the database. Note: In this case, the corresponding object in the process image and the tag structure must also be deleted manually. |
| Close | Used to close the dialog without any further action. |

5.2 User interface in Runtime

With a mouse click on an automation object which includes a configured Electronic Signature you can open a dialog for the entry of Electronic Signatures.

Figure 5-5

Table 5-5

| Field | Description |
|---|---|
| Element | Describes the object for which an Electronic Signature will be acquired. |
| Action | Describes the operation which will be executed after successful application of the Electronic Signature. |
| Entry | Shows whether the required signatures are to be entered in one or in different sessions (this dialog may be closed for the time being). |
| Sequence | Shows whether the signatures are to be made in a specific order. |
| Requested at | Shows the time when the acquisition of the Electronic Signature has started. |
| Valid until | Shows the point in time until when all required signatures must be entered. If no time is stated in this output field, signature input is not subject to a time limit. |
| Signatures | Shows the list of user groups from which an Electronic Signature is required. |

Table 5-5 (continued)

| Field | Description |
|---|---|
| Signing | Used to open the SIMATIC Logon dialog for authentication. |
| OK | Closes the dialog window and executes the initially started operation, provided all required signatures are available. If the condition all together applies, the dialog cannot be closed with OK before all signatures have been entered. |
| Cancel | Used to close the dialog without any further actions. After a user prompt, any previously made Electronic Signatures will be deleted. No separate audit trail message will be created. |
| Help | Opens the help function for Electronic Signatures. This function has been deactivated so that the operator cannot just leave the visualization interface. |

6 Sample Project

The example application includes a variety of operator interventions which require the use of Electronic Signatures, such as:

- executing a switching operation (e.g. motor on/off or open/close valve)
- adjusting a setpoint (e.g. the temperature value of a controller)
- starting a sequence of operations

The different examples are also used to describe various requirements for Electronic Signatures:

- more than one signature (4-eyes principle)
- adhering to a specific order of signature input
- collective input of all required signatures
- with or without a time limit

Each successfully applied signature is stored in PCS 7 Alarm Logging in the form of an operation message. Furthermore, an audit trail message with additional information on the executed object change will be generated after each successful signature input. The sample project includes all necessary functions and modules to allocate the esignature functionality to an automation object in PCS 7 and to enable signature configuration as required.

Figure 6-1

6.1 Preparatory steps before using the sample project

The proper functioning of the sample project requires some preparatory steps as described in the following.

6.1.1 Creating user groups and users in Windows

The sample project includes various user groups with different authorization levels which are specified in the User Administrator. For the configuration of user groups and users perform the steps described in the following.

Table 6-1 (No. / Action)

1. Select Start > Control Panel > Administration > Computer Management in Windows. Then change over to Local Users and Groups.
2. Create the following user groups:
   - Operator
   - SpecialOperator
   - Laboratory
   - SuperUsers

3. Define at least one user for each group and assign this user to the different groups. The screenshot below shows the user group Laboratory which contains one user.

6.1.2 Changing the configured computer name

When opening the sample project, you will be prompted that the configured server is not available.

Figure 6-2

Proceed as described below to modify the computer name configured for the sample project.

Table 6-2 (No. / Action)

1. Use the SIMATIC Manager and open the PCS 7 project, then select the command Open Object from the context menu of the OS project.
2. Open the Properties dialog for the configured computer.

3. Click the Use Local Computer Name button and rename the OS station using the local computer name. Then restart the WinCC Explorer.

6.2 of the sample project

The sample project includes two process pictures with different scenarios for the use of electronic signatures. Furthermore, it includes an administrator screen indicating the current status of the electronic signatures.

6.2.1 Area button Configuration

The Configuration button is used to open the process picture AdvancedProjectSettings.pdl. This window provides an overview of the Electronic Signature states, and the configuration data can be reloaded from it.

Note
Before you can use the examples, it is necessary to execute the function "GetSignatureRecordFromDatabase.bmo" once, so that the WinCC data structures are supplied with the data from the database. Click the "Re (Load) the data from database" button.

Table 6-3

When the button (Re)Load the Electronic Signature data from database is used, the data from the database is written to the corresponding tag structures. Reloading the configuration is necessary if you have changed the configuration in Runtime. When Runtime is started, this function is called in the startup screen when the picture opens.

This status overview shows the OS on which the dialog is open.
- The Object column shows the different automation objects with electronic signatures.
- The Computer column shows the name of the computer on which the dialog is/was open.
- The State column shows whether the dialog is open (1) or closed (2) at the moment.

Use the Reset buttons to reset the signature status manually. This may become necessary if Runtime has been terminated while the dialog was open.

6.2.2 Area button Example 1

The Example 1 button is used to call the process picture Electronic_Signature_1.pdl. It is configured with four buttons and four motor symbols for some simple switching operations as follows:

Table 6-4

In this example, the following input information must be entered:
- 1 signature (Operator)
- Sequence: no
- In one session: yes
- Timeout: no
After successful input of the signature, the value of the internal tag Motor1 will be inverted and the color of the motor symbol changes.

In this example, the following input information must be entered:
- 3 signatures (SuperUsers, Operator, Laboratory)
- Sequence: no
- In one session: yes
- Timeout: no
After successful input of the signature, the value of the internal tag Motor2 will be inverted and the color of the motor symbol changes.

In this example, the following input information must be entered:
- 2 signatures (Laboratory, SuperUsers)
- Sequence: no
- In one session: no
- Timeout: no
After successful input of the signature, the value of the internal tag Motor3 will be inverted and the color of the motor symbol changes.

In this example, the following input information must be entered:
- 2 signatures (SpecialOperator, SuperUsers)
- Sequence: yes
- In one session: yes
- Timeout: yes (60 seconds)
After successful input of the signature, the value of the internal tag Motor4 will be inverted and the color of the motor symbol changes.
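The four signature requirements of Table 6-4, modelled as an added example for specification and test purposes (this is not code from the sample project or from SIMATIC Logon). The Policy and Signature types, the user names, the rule that each signer must be a different person, and the way session and timeout are measured are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

@dataclass(frozen=True)
class Policy:
    groups: Tuple[str, ...]      # one required signature per listed group
    ordered: bool                # "Sequence"
    one_session: bool            # "In one session"
    timeout_s: Optional[float]   # "Timeout" in seconds, None = no limit

@dataclass(frozen=True)
class Signature:
    user: str       # authenticated user name (constructed sample values)
    group: str      # group the user signed for
    session: int    # hypothetical id of the dialog session
    t: float        # entry time in seconds

# The four configurations listed in Table 6-4.
MOTOR_POLICIES = {
    "Motor1": Policy(("Operator",), False, True, None),
    "Motor2": Policy(("SuperUsers", "Operator", "Laboratory"), False, True, None),
    "Motor3": Policy(("Laboratory", "SuperUsers"), False, False, None),
    "Motor4": Policy(("SpecialOperator", "SuperUsers"), True, True, 60.0),
}

def evaluate(policy: Policy, sigs: Sequence[Signature]) -> Tuple[bool, str]:
    """Return (accepted, reason) for signatures given in entry order."""
    if len(sigs) != len(policy.groups):
        return False, "wrong number of signatures"
    # Assumption: 4-eyes means every signature comes from a different person.
    if len({s.user for s in sigs}) != len(sigs):
        return False, "same user signed twice"
    got = [s.group for s in sigs]
    if sorted(got) != sorted(policy.groups):
        return False, "required group missing"
    if policy.ordered and got != list(policy.groups):
        return False, "wrong signature order"
    if policy.one_session and len({s.session for s in sigs}) > 1:
        return False, "signatures span several sessions"
    # Assumption: the time limit runs from the first to the last signature.
    times = [s.t for s in sigs]
    if policy.timeout_s is not None and times and max(times) - min(times) > policy.timeout_s:
        return False, "timeout exceeded"
    return True, "accepted"
```

Each rejection reason corresponds to one negative test case that a project specification for these four buttons would need to cover.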

6.2.3 Area button Example 2

The Example 2 button is used to call the process picture Electronic_Signature_2.pdl. It is configured with analog values and a sequence of operations. Any setpoint adjustment and the starting of the sequence require the input of an electronic signature.

Table 6-5

In this example, the following input information must be entered:
- 2 signatures (SuperUsers, Operator)
- Sequence: yes
- In one session: yes
- Timeout: no
A new setpoint is entered with the help of a dialog window. After successful input of the Electronic Signature, the new value will be written to the SetPoint tag.

In this example, three control parameters are defined in one step. The following signatures are to be entered:
- 1 signature (Laboratory)
- Sequence: yes
- In one session: yes
- Timeout: yes (60 seconds)
A new setpoint is entered with the help of a dialog window. After successful input of the Electronic Signature, the new values will be written to the tags Kp, Tn, Tv.
Note: After successful application, the signature parameters must be reset manually.

This example includes a configured sequence of steps. Each step must be acknowledged with an Electronic Signature. The subsequent step can be performed only after successful entry of the required signatures. Each step has different requirements regarding the acquisition of the electronic signatures.
Note: After completion of the sequence of operations, the signature parameters must be reset manually.

6.2.4 PCS 7 message system operation list

The messages initiated by the entry of an electronic signature can be displayed by clicking the buttons Message system and Operation list. All messages of the electronic signatures are identified by the prefix ESIG.

Figure 6-3

7 Applying Electronic Signatures to Specific Projects

7.1 Preparatory steps for configuration

The use of the electronic signature function in new or previously configured projects requires some preparatory steps as described in the following chapter.

Note
To ensure faultless operation of all functionalities, the logged in Windows user must have administrator rights while configuring the electronic signatures.
With WinCC V7.4 (PCS 7 V8.2), VBA applications are not executed by default in Graphics Designer. To use the functions, execute the menu command "Tools > Settings..." and deactivate the option "Deactivate all VBA events".

7.1.1 Importing macros

To simplify signature configuration, the Graphics Designer program includes some VBA macros. These macros must be imported beforehand.

Table 7-1
1. Start the Graphics Designer program.
2. Open the VBA Editor and select the menu commands: Tools > Macros > Visual Basic Editor.

3. Now you can import the macros for electronic signatures either for specific projects (@Project.PDT) or for all projects (@Global.PDT). In the following sections you will learn how to import the macros for a specific project.
   Open the context menu of ProjectTemplateDocument and select the command Import File. You will find the required files in the folder esignature under the WinCC installation directory.
   Import the following files one after another:
   - WinCCTagDlg.bas
   - WinCCUserGroups.bas
   - TextLibrary.bas
   - Common.bas
   - CreateTableInDB.bas
   - MenuBar.bas
   - esigconfdlgwithdb.frm
   - esigresetparamdlg.frm
   - esigconfigdb.frm

4. After you have imported all files, the dialogs and modules will be shown in the VBA Editor.

7.1.2 Adapting the template file

Note

For the display of the menu in the Graphics Designer program and to enable opening of the configuration dialogs, the template file must be adapted accordingly. You can adapt either the project-specific file @PROJECT.PDT for individual projects or the global file @GLOBAL.PDT for all projects. The following sections refer to the variant for individual projects.

Table 7-2
1. Select Tools > Macros > Visual Basic Editor to start the Graphics Designer and the integrated VBA Editor.
2. Open the context menu for the project template file and select View Code.

3. Change the document type from (General) to Document. The method Document_Opened will then be generated automatically.
4. Add the code line MenuBar.Opened to the method.
5. Save your changes and close the VBA Editor and the Graphics Designer. After restart of the Graphics Designer, the new esignature menu will be available.

7.1.3 Integrating global scripts

The functions required to open the SIMATIC Logon dialog, to reset the signature parameters and to create audit trail messages are realized with the help of global VB and C scripts. These scripts are to be copied into the PCS 7 project.

Table 7-3
1. Use the Windows Explorer to open the folder esignature from the WinCC installation directory.
2. Copy the following files to the folder ScriptLib of the OS project:
   - CreateESigMsgs.bmo
   - DeleteSignatureFromCurrentSession.bmo
   - GetSignatureRecordFromDatabase.bmo
   - Init_SLEsig_Dlg.bmo
   - ResetESignatureParam.bmo
   - CreateESignature_AuditTrail.fct
   Note: If the folder ScriptLib is not yet available, open the VBS Global Script Editor once, so that the folder will be created in the user project directory.

3. When calling the global script VBS editor again, the copied modules will be available in the Project Modules tab.

7.1.4 Configuring the database

Before an electronic signature can be configured in Graphics Designer, the database must be prepared accordingly. This is done via the menu command Create esignature table in DB in Graphics Designer.

Figure 7-1

After successful configuration, the following dialog appears:

Figure 7-2

7.1.5 Configuring the messages in Alarm Logging

The audit trail message generated in the PCS 7 message system after the successful application of an electronic signature must first be configured in PCS 7 Alarm Logging. In this example, a message of the class System need not be acknowledged (class 18) and the type Operator input message (type 274) is created.

Note
If no message exists, a corresponding error prompt will appear in the course of configuration, informing you that the message must be created beforehand.

The audit trail message initiated by the electronic signature includes the following information:
- Context (object, action, type of action, status/value change, unique EventID)
- Computer name
- User
- Date and time
- Comment
- Batch name
- Area
- Signature status

Table 7-4
1. Open PCS 7 Alarm Logging.
2. In a first step, select the option Comments assigned to unique user of the message class Messages without acknowledgement. This is necessary to make sure that a comment entered by the user while making an Electronic Signature cannot be changed at a later point. Proceed as follows:
   - Open the configuration dialog for the message class Messages without acknowledgement (context menu Properties).
   - Change over to the Acknowledgement tab.
   - Activate the option Comments assigned to unique user.

3. Add a new message line to the table window in the Alarm Logging editor. Open this window via the context menu and select the command Append New Line.
4. Mark the new message line and select the command Properties from the context menu. Define the following settings in the Parameters tab:
   - Number (e.g. 1000)
   - Class: System need not be acknowledged
   - Type: Operator input messages
   - Option: will be archived

5. Use the Text tab to define the text parameters for the message as follows:
   - Source: @10%s@
   - Area: @9%s@
   - Event: @7%s@ @6%s@ new = @5%s@ @8%s@ old = @4%s@ @8%s@
   - Batch name: @1%s@
   - Operation: @7%s@ @6%s@ new = @5%s@ @8%s@ old = @4%s@ @8%s@ - @2%s@
6. Save your settings and close the Alarm Logging dialog.

7.2 Configuration

The configuration of electronic signatures is demonstrated by a simple example. An on/off button is used to switch an LED on and off via a binary signal. The LED switching operation is to be secured and logged with the help of an electronic signature. This requires that all steps described in chapter 7.1 Preparatory steps for configuration have been completed.

The following objects are required:
- an On / Off button
- a rectangle representing an LED
- an internal binary LampState tag
- a Windows user
- Windows user groups and the User Administrator groups Laboratory and Operator

Table 7-5
1. Create the Windows user groups Operator and Laboratory, as well as two Windows users. Assign one user to each group. See chapter 6.1.1 Creating user groups and users in Windows.
2. Open the User Administrator. Create the groups Operator and Laboratory. Activate the option SIMATIC Logon.
   Note: It is not necessary to create users in the User Administrator. If the created user groups are exclusively used for the authentication of electronic signatures, it is not necessary to configure user authorizations in the User Administrator.

3. Create the internal tag LampState. Open the WinCC Explorer in tree view and select Tag Management > Internal tags. Select New tag from the context menu. Select the data type binary and define a name.
4. To enable the use of electronic signatures in Runtime, the configured data must be read once from the database and written to the internal tags. This is done with the function GetSignatureRecordsFromDB, which can be called, for example, in the project start picture under the event Open Picture. In the example described here, it is called via the picture that also contains the electronic signature.
   Open a previously defined or a new picture in Graphics Designer. Use the event Open Picture to configure the VB script with the following code line: ().

5. Add a button and a rectangle to the picture.
6. Configure the Background Color properties of the rectangle with the following dynamic:
   - Tag LampState = 0 > Background color red
   - Tag LampState = 1 > Background color green

7. Select the button and use the menu commands esignature > Assign esignature. Define the following settings:
   - Fill in the text fields Operation, Area and Unit.
   - Set the Quantity of signatures to 2.
   - Enter the message number into the field Audit Trail Message No.
   - Add the user groups Operator and Laboratory to the selected groups.
   - Click the Assign esignature button to confirm your settings.
   All other settings such as timeout, signature order and input session can be selected as desired.
   Note: After the electronic signature has been assigned, the following is executed:
   - The configuration is written to the database.
   - The tag structure esignature is generated.
   - The auxiliary object is created and positioned at the upper left corner of the button.
   - The button is configured by means of a VB script at the event Mouse Action.

8. Finally, you have to adapt the VB script so as to connect the button with the actual function and the audit trail message.
   - Open the Properties dialog for the button and select the Events tab.
   - Open the attached VB script.
   - Enter the following code line after the comment "declare and initialize tags":
   - Enter the following code line after the comment "add your own code here":
   - Close the VB script editor.
   - Save and close the picture.

Now you can start the Runtime of the project. A signal change of the configured LED will now be possible only after it has been approved by two different persons.

7.3 Removal of an electronic signature from an object

Removing an electronic signature requires a number of manual operations. Proceed as follows:

Table 7-6
1. Delete the tag structure of the associated electronic signature. Open the WinCC Explorer and select Structure tag. Delete the relevant structure tag from the folder esignature_<n>.
2. Delete the auxiliary object of the electronic signature. Open the process picture in which the signature is included. Select the auxiliary object and delete it. The auxiliary object of the object Button4 is named ActionObj_Button4 and it is located in the upper left corner of the button.

3. Delete the script of the electronic signature from the object. Open the Object Properties dialog and select the Events tab. Open the VB script attached to the event Mouse Action. Delete the code lines related to the electronic signature. Make sure that the original program remains unchanged.

4. Remove the entry from the database. Select the menu items esignature > Configure the esignature parameters in the DB. Select the relevant data record and delete it.

After this procedure, the electronic signature function will no longer be available for this object and all redundant data will be cleared.

7.4 Qualification and test of the application in the project

Although the solution for electronic signatures described in this document has been carefully developed and tested, it is only intended as an example for application. For this reason, electronic signatures are to be realized, tested and described on the basis of the specific application, especially when used in a regulated environment.

The individual scenarios for electronic signatures within a project are to be defined in your specification. Testing shall include not only documentation of the configuration's compliance with the specification, but also of how the applied electronic signature is displayed in the message system and, if required, in reports.

The input dialog for authentication is a SIMATIC Logon standard module. SIMATIC Logon has been tested in the course of the PCS 7 system tests, so that it does not need to be verified again for the specific project.

The dialog for the configuration of electronic signatures (5.1.2 Dialog Electronic Signature Configuration) presented with this solution includes the automatic generation of scripts which are then adapted manually. These scripts are customer-specific applications in compliance with the GAMP software category 5. This type of application must be inspected under functional aspects and by means of a code review. This affects the scripts stated in section 3.3 Functions and modules.

8 Links & Literature

Internet links

The following list is by no means complete and only provides a selection of appropriate information.

Table 8-1
\1\ Reference to this entry: http://support.automation.siemens.com/ww/view/en/66926225
\2\ Siemens Industry Online Support: http://support.automation.siemens.com
\3\ SIMATIC Logon: http://support.automation.siemens.com/ww/view/en/62563251

9 History

Table 9-1
Version   Date      Modifications
V1.0      02/2013   First version
V1.1      05/2014   Adaption PCS7 V8.0 SP1 / Redundancy support
V1.2      07/2017   Added the hint to import the database values. Important for PCS 7 V8.2