Securing the GOT: A Practical Guide to HMI Access Levels
(user accounts and their security levels)
Introduction:
When designing security access levels for a Human Machine Interface (HMI), such as a Mitsubishi GOT (Graphic Operation Terminal), the goal is to balance usability, operational efficiency, and security.
Based on practical experience and common industrial needs, four distinct access levels are suggested for a GOT HMI system.
This number keeps things manageable while addressing the key roles typically involved in interacting with an HMI in an industrial setting. Too many levels can overcomplicate things and frustrate users, while too few might compromise security or flexibility.
Reasoning: industrial environments usually involve operators running the system, supervisors managing operations, maintenance staff troubleshooting or adjusting settings, and engineers/administrators handling configuration or sensitive controls.
Four levels cover these roles effectively without overlap or unnecessary granularity. Each level is described below and then summarized in a table.
Descriptions of Suggested Access Levels
- Operator Level (Basic Access)
  - Purpose: For frontline workers who monitor and control the system daily.
  - Access: Can view real-time data (e.g., temperatures, pressures, statuses), start/stop processes, and acknowledge alarms. No ability to change settings or configurations, just enough to keep things running smoothly.
  - Why: Limits the risk of accidental changes while empowering operators to do their job.
- Supervisor Level (Intermediate Access)
  - Purpose: For team leads or shift managers overseeing operations.
  - Access: Everything Operator Level has, plus the ability to adjust setpoints (e.g., target speeds, limits) within predefined ranges, reset minor faults, and view basic trend data or logs for shift oversight.
  - Why: Supervisors need some control to optimize performance without delving into deep system settings.
- Maintenance Level (Advanced Access)
  - Purpose: For technicians tasked with upkeep and troubleshooting.
  - Access: Includes Operator and Supervisor privileges, plus access to diagnostic screens, manual overrides, parameter tweaks (e.g., calibration), and detailed error logs. Cannot alter core programming or security settings.
  - Why: Maintenance needs flexibility to fix issues but shouldn't touch the system's foundational logic.
- Engineer/Admin Level (Full Access)
  - Purpose: For system designers, programmers, or IT staff managing the HMI.
  - Access: Full control, everything from the previous levels plus editing HMI screens, modifying PLC logic (if integrated), updating security settings, and accessing all historical data or system backups.
  - Why: This level is for those who built or maintain the system's integrity, so they need unrestricted access (with proper safeguards such as strong, individual passwords).
Practical Considerations
- Authentication: Each level should require its own credentials (e.g., PINs, RFID badges, or passwords), and those credentials should be issued per person rather than as one shared password per level, so that a login identifies an individual and a departing employee can be removed without re-issuing everyone's password. For a GOT, you'd use its built-in security features (user accounts mapped to security levels) to enforce this.
- Audit Trail: Log who accesses what and when, especially for the higher levels, so that every change can be traced back to a named individual. Log denied attempts as well as successful ones; repeated denials at a terminal are an early sign of misuse.
- Timeouts : Auto-logout after inactivity to prevent unauthorized use if someone walks away.
- GOT Specifics: Mitsubishi GOTs support multiple security levels (up to 16 in some models), but four is practical for most applications; it keeps things simple and aligns with typical workflows. When mapping the four roles onto the GOT's numeric levels, leave unused numbers between them so that an extra role can be inserted later without renumbering every screen and object.
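The four levels and the practical considerations above can be expressed as a small reference monitor: a hierarchical level check, a setpoint range that applies to every caller, an idle timeout, and an audit entry for every decision. The Python below is an added example for this guide, not Mitsubishi code and not a GOT project file; the level numbers, operation names, the `line_speed` window, and the 300-second timeout are assumptions chosen for the example.

```python
"""Reference-monitor model of the four HMI access levels described above.

Added example for this guide: illustrative Python, not Mitsubishi code and
not a GOT project file.  The level numbers, operation names, the setpoint
window and the idle timeout are assumptions chosen for the example.
"""
import time
from dataclasses import dataclass, field
from typing import Callable

# Hierarchical levels: a higher level inherits every right of the levels below.
OPERATOR, SUPERVISOR, MAINTENANCE, ADMIN = 1, 2, 3, 4

# Minimum level needed for each HMI operation (assumed operation names).
REQUIRED_LEVEL = {
    "view_data": OPERATOR, "start_stop": OPERATOR, "ack_alarm": OPERATOR,
    "adjust_setpoint": SUPERVISOR, "reset_minor_fault": SUPERVISOR,
    "view_trends": SUPERVISOR,
    "diagnostics": MAINTENANCE, "manual_override": MAINTENANCE,
    "calibrate": MAINTENANCE,
    "edit_screens": ADMIN, "modify_plc_logic": ADMIN, "edit_security": ADMIN,
}

# Predefined setpoint windows (assumed tag and values).  The window binds every
# level; widening it is an Admin configuration change, not a runtime right.
SETPOINT_LIMITS = {"line_speed": (50.0, 120.0)}

IDLE_TIMEOUT_S = 300  # auto-logout after 5 minutes without activity (assumed)


@dataclass
class Session:
    user: str            # an individual account, so the audit trail names a person
    level: int
    last_activity: float
    active: bool = True


@dataclass
class Hmi:
    audit: list = field(default_factory=list)
    clock: Callable[[], float] = time.time   # injectable so tests can fake time

    def login(self, user: str, level: int) -> Session:
        session = Session(user, level, self.clock())
        self._log(session, "login", "ok")
        return session

    def request(self, s: Session, op: str, **args) -> bool:
        """Authorise one operation; every decision, allowed or denied, is logged."""
        now = self.clock()
        if not s.active or now - s.last_activity > IDLE_TIMEOUT_S:
            s.active = False                 # stays locked out until re-login
            self._log(s, op, "denied: session expired")
            return False
        s.last_activity = now

        need = REQUIRED_LEVEL.get(op)
        if need is None or s.level < need:   # unknown operations fail closed
            self._log(s, op, "denied: insufficient level")
            return False

        if op == "adjust_setpoint":
            window = SETPOINT_LIMITS.get(args.get("tag"))
            if window is None:               # no predefined range: fail closed
                self._log(s, op, "denied: no predefined range for tag")
                return False
            lo, hi = window
            if not lo <= args["value"] <= hi:
                self._log(s, op, f"denied: {args['value']} outside {lo}-{hi}")
                return False

        self._log(s, op, "ok")
        return True

    def _log(self, s: Session, op: str, result: str) -> None:
        # (timestamp, user, level, operation, outcome): who did what, when
        self.audit.append((self.clock(), s.user, s.level, op, result))


if __name__ == "__main__":
    hmi = Hmi()
    sup = hmi.login("bob", SUPERVISOR)
    hmi.request(sup, "adjust_setpoint", tag="line_speed", value=80.0)
    hmi.request(sup, "adjust_setpoint", tag="line_speed", value=200.0)
    hmi.request(sup, "edit_security")
    for entry in hmi.audit:
        print(entry)
```

Two design choices are worth noting. Denials are logged with the same detail as successes, since a Supervisor repeatedly trying `edit_security` is exactly what the audit trail exists to surface. And the model fails closed: an operation that is not in the table, or a setpoint tag with no predefined range, is refused regardless of level rather than silently allowed.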
Table Summary

| Level | Typical users | Can do | Cannot do |
|---|---|---|---|
| 1. Operator (basic) | Frontline operators | View real-time data, start/stop processes, acknowledge alarms | Change any settings or configuration |
| 2. Supervisor (intermediate) | Team leads, shift managers | Operator rights, plus adjust setpoints within predefined ranges, reset minor faults, view basic trends and logs | Access deep system settings |
| 3. Maintenance (advanced) | Technicians | Supervisor rights, plus diagnostic screens, manual overrides, parameter tweaks (e.g., calibration), detailed error logs | Alter core programming or security settings |
| 4. Engineer/Admin (full) | System designers, programmers, IT staff | Everything, including editing HMI screens, modifying PLC logic (if integrated), security settings, all historical data and backups | Nothing restricted; protected by individual credentials and the audit trail |
Conclusion:
This setup ensures clear boundaries between roles, minimizes human error, and protects sensitive functions—all while keeping the system practical for real-world use.
Note:
This is only a suggested guideline; the details will differ from plant to plant, project to project, and SOW to SOW.