Password protected actions?

Forrest 6 years ago in IQANdesign updated by Majid 3 months ago 4

Using an MD3, I have a set of "Emergency Functions" to give direct control over the system, bypassing the normal safety over-rides. I did this to allow a malfunctioning truck to return to a safe condition so it can be brought back for servicing and allow for easier servicing.

It functions by using various screens and jumping between screens to control different circuits.

I currently have it so you put in the password once to enable these functions by allowing access to these screens, and then they are enabled indefinitely.

What I would like to accomplish would be:

A. Require a password input every time the main emergency function screen is accessed,


B. Have the State Parameter that is adjusted to allow the Emergency Functions to be accessed, reset to "disable" with every power down.

I don't think I can do A, but it would be preferred. B should be doable, but I don't see quite how to do it. Do I need to use something other than a state parameter?

The best solution I can think of is to use a timer with memory to "time out" the emergency functions if left enabled longer than 15 minutes. A reset would require the person to disable then re-enable once it is timed out.

I'm not crazy about that solution. If anyone has a better idea, I'd love to hear it.

Have you had a look at the "Automatic reset, state parameter" in the solutions library? 
The trick there is to use a MEM channel as the channel you are adjusting, the SP is simply used to set the value type and state names on the MEM. 

Depending on the level of safety you need, I think you should consider having the MEM on your MC3 or MC4xFS modules (depending on how the system looks), and make use of the built-in adjust group password protection. I personally wouldn't want to rely on an implementation that is built up only with hidden display pages. 

Thanks, I missed that one when scanning the solution library. I'll be looking through it. I haven't messed with MEM yet.

"I personally wouldn't want to rely on an implementation that is built up only with hidden display pages."

I'm not sure where you perceive the flaw to be. The button function to access the display page is only enabled when the setting is enabled. The hidden sub-pages have VDIs to perform the actions.

I am assuming that your safety functions are implemented on one of the PLd/SIL2 controllers, an IQAN-MC3 (if it is an older design you are upgrading) or IQAN-MC4xFS (if it is a new design).  

If you then send a signal from the IQAN-MD3 to override the interlocks, this is a form of "downgrading of the integrity of safety-related signals" as the ISO 13489 standard puts it. 

Even though the IQAN-MD3 is a module that is very reliable, it does not come with a PL or SIL, which significantly limits the PL you are able to calculate for the safety function. 

Also, note the following general comment about the use of VDINs:

The virtual digital input channel is connected to a touch button (MD4) or soft function button (MD3) on a display page. It can be used as a flexible way of adding buttons to a system, for functions where reaction time is less important.
As the VDIN depends on the graphics it does not respond with the same real-time performance as other channels; unlike regular digital inputs, it is not intended for commanding movement.

If you build the change to "override mode" into the MC3/MC4xFS application, this is handled locally by the certified controller, making it possible to have the same hardware and software integrity on the override as the regular safety function used during normal operation. It is possible that you could combine it with some selection from the MD3, but you should use physical inputs on the MC3/MC4xFS to control the movement.