Web-based Management 2:
Accessibility of pages

Valid from firmware release 2025.0 - for earlier firmware see the regarding WBM pages in the WBM (legacy) branch

Visibility and accessibility of WBM 2 pages in general

Pages in the WBM 2 depend on these conditions: 

  • device type
    Some WBM 2 pages are mandatory on all devices, others are only visible on devices that provide the according functions.
  • user settings
    Functions could have been deactivated on the device by settings in the System Services WBM 2 page, so the WBM 2 page won't be displayed even though the according feature is present in general with that product.
  • user-side programming
    Starting with Firmware release 2025.0, user may add their own pages for additional functions.
  • firmware release
    Newer firmware releases might provide more pages.
  • user role
    Visibility and accessibility for the default WBM 2 pages is only guaranteed for the default Admin user; additional users with other roles will have some restrictions. See the next section for the defaults.
Note: Visibility of WBM 2 pages depends on the device and firmware release in use.
In addition, some WBM 2 pages could have been deactivated by settings in the System Services WBM 2 page.

Default permissions for user roles

User roles on WBM 2 pages

Note: User roles that are not mentioned in a table do not have any access permission in the regarding context. 

WBM 2 pages Page and tab access: User role
Admin SecurityEngineer SecurityAuditor CertificateManager UserManager Engineer Commissioner Service DataViewer DataChanger Viewer
Overview
Device section General Data
Diagnostics section PROFINET
[r] read-only access
Other tabs
NetNames [r] [r] [r] [r] [r]
Notifications
Axioline
INTERBUS
Configuration section Network
[r] read-only access
[r/s] read access and 
reset statstics
IP configuration [r/s]     [r/s] [r/s] [r/s]      
Netload limiter [r/s]       [r] [r]      
Date and Time                  
PLCnext Store                  
Proficloud                  
SPLC              
Fan Control                  
Web Services                  
Security
section
SD card                  
Firewall                  
Syslog                  
Project integrity 
[r] read-only access
      [r]          
Certificate management                
User management                
User policies                  
LDAP configuration                
Security Profile                  
System
section
Device maintenance
[c] can only change the user password
[nr] cannot reboot oder reset the device
[c] [c] [nr] [nr] [nr] [c] [c] [c]
App management                
System services                  
Backup & restore                  
License management                  
Update                  

User roles in other context

PLCnext Engineer

Note: User roles that are not mentioned in a table do not have any access permission in the mentioned features in PLCnext Engineer.

PLCnext Engineer Access permission for: User role
Admin SecurityAdmin Engineer Commissioner Service DataViewer DataChanger Viewer EHmiViewer EHmiChanger SafetyEngineer
PLCnext Engineer 
user interface
View values in the cockpit (e.g., utilization)      
Transfer a project to the controller                
Start (cold/warm restart) or stop the controller              
Restart the controller (reboot)                    
Reset the controller to default setting type 1                    
View online variable values        
Overwrite variables                
Set and delete breakpoints                
Download safety-related programs to the controller  
[4]
             
[5]
Start or stop safety-related programs  
[4]
             
[5]
Debug safety-related programs   
[4]
             
[5]
PLCnext Engineer
HMI application
View online variable values              
Overwrite variables                  
  1. As of firmware 2023.0 LTS, safety permissions for the Engineer user role are always enabled. As of the firmware 2023.0.1 LTS hotfix: if the Security Profile is enabled, safety permissions for the Engineer user role are disabled. If needed, use the SafetyEngineer user role in addition. See detailed description of combined safety user roles.
  2. Do not use this user role alone. This role is designed for use as an add-on to other user roles, e.g. Engineer. See detailed description of combined safety user roles.

Applications and services

Note: User roles that are not mentioned in a table do not have any access permission in the mentioned applications and services.

Note: Additional roles may be necessary, e.g. for use with the Device and Update Management.
Application or
service
Access permission for: User role
Admin SecurityAdmin Engineer Service DataViewer DataChanger Viewer FileReader FileWriter SoftwareUpdate SafetyUpdater
SD card,
parameterization memory
SFTP access to the file system with an SFTP client
[6]
                   
Shell SSH access to the shell
[6]
                   
By means of dedicated tools Update safety-related firmware on the controller                  
OPC UA® access by means of a client application View online variable values        
Overwrite variables              
Read files
(OPC UA file transfer must be
enabled via PLCnext Engineer)
                 
Write files
(OPC UA file transfer must be
enabled via PLCnext Engineer)
                 
Update firmware on the controller                  
Device and Update Management (DaUM) Update firmware, software and projects                    
  1. Authentication with a user name and password is always required for SSH or SFTP access, even if user authentication is disabled.

 

 


• Published/reviewed: 2025-07-22  ⌨  Revision 082 •