摘要:
An access authorization for a computer-based object in an automation system comprising a plurality of network nodes is granted using a control file which is structured in line with a scheme for a markup language for granting access authorizations and which maps a hierarchic tree structure. In this case, access authorizations are mapped in an object model which has a hierarchic tree structure. A relevant subtree from the object model is ascertained for a selected network node, at which services are provided using computer-based objects, or when access to a computer-based object is requested, by an access guideline service. The control file is produced from the ascertained relevant subtree. The control file produced is made available for the selected network node or for access to the computer-based object.
摘要:
An identifier is determined for a control program, and the identifier is encrypted based on a private digital key associated with a control and monitoring unit of the automation system to grant authorization to access a computer-based object in an automation system. A first service of the automation system is provided based on the computer-based object, and a second service of the automation system is provided based on the control program. The encrypted identifier is decrypted when being transmitted to an authentication service and is verified by the authentication service. If the verification process has been successful, the authentication service transmits a temporarily valid token to the second service. When the control program requests access to the computer-based object, the token is transmitted to the first service for checking purposes. The control program is granted access to the computer-based object if the result of the checking process is positive.
摘要:
An access authorization for a computer-based object in an automation system comprising a plurality of network nodes is granted using a control file which is structured in line with a scheme for a markup language for granting access authorizations and which maps a hierarchic tree structure. In this case, access authorizations are mapped in an object model which has a hierarchic tree structure. A relevant subtree from the object model is ascertained for a selected network node, at which services are provided using computer-based objects, or when access to a computer-based object is requested, by an access guideline service. The control file is produced from the ascertained relevant subtree. The control file produced is made available for the selected network node or for access to the computer-based object.
摘要:
A distributed operation is performed using at least one first and second computer-based object, wherein control information is used to influence or determine a property, a function of the first and/or second computer-based objects. The control information includes details of a parameter identifier, a value associated with the parameter identifier, a range of validity and a remote access attribute. The control information is provided in a retrievable manner, according to the included range of validity, in a memory organized according to ranges of validity and is associated with the first computer-based object. During a function or service call for performing the distributed operation, which is sent from the first computer-based object to the second, the control information is transmitted to the second computer-based object, provided in a retrievable manner in the memory organized according to the ranges of validity and associated with the second computer-based object.
摘要:
A distributed operation in an automation system is performed using at least one first and second computer-based object. The control information is used to influence or determine a property, a function of the first and/or second computer-based objects. The control information includes details of a parameter identifier, a value associated with the parameter identifier, a range of validity and a remote access attribute. The control information is provided in a retrievable manner, according to the included range of validity, in a memory unit organized according to ranges of validity and is associated with the first computer-based object. During a function or service call for performing the distributed operation, which is sent from the first computer-based object to the second, the control information is transmitted to the second computer-based object, provided in a retrievable manner in a memory unit organized according to the ranges of validity and associated with the second computer-based object.