Managing User Permissions to Reduce Risk in Industrial Automation

  • Post category:MEMBER NEWS
  • Reading time:4 mins read

Unauthorized access to manufacturing areas can pose a serious risk to personnel and cause unnecessary machine downtime, negatively affecting both efficiency and productivity. Ensuring only the right people are carrying out the right tasks is a crucial part of safeguarding machinery.

Part of the measures taken to reduce risk and protect both personnel and valuable equipment during tasks is the enforcement of training plans and safe work procedures. However, training only is not always sufficient to prevent unauthorized personnel from entering safeguarded spaces or operating controls. Enforcing personnel authentication and permissions as part of controlling access not only helps reduce risk, but it also contributes to maximizing productivity.

Meet FRANK – The Networked Industrial Permissive System from Fortress Safety

Fortress has engaged extensively with its customers to develop an access control permission solution for manufacturing environments. Many organizations provide employees with RFID cards to perform various actions, such as enabling access to buildings, or recording time and attendance. However, extending their use to industrial control systems can prove challenging.

Fortress has extended this approach and developed Fortress RFID Access Network Keys (FRANK). Using the employee’s existing RFID cards, the FRANK system allows the assignment of employee permissions, which can then be used to enforce conditions for machine operation or access.

Managing Permissions over PROFINET Networks

FRANK can be integrated into automation systems using PROFINET to manage access control permissions. Once permission levels are set in the master software, the information is stored in a local controller which communicates with a Fortress network-enabled device (interlock or control pod) with RFID reader. This device then communicates “access granted”, “access denied” and additional input/outputs to a programmable logic controller (PLC) using PROFINET. In this way, FRANK allows a simplified implementation of user permissions into PROFINET systems; from a single cell to multiple sites, from cabinet controls to cloud-based automation technologies.

When employees scan their existing ID cards on the Fortress device to request access, the details are sent to the local controller where user permissions are checked. The results are then returned to the device, which ultimately communicates to the PLC, granting (or denying) access. After tasks have been completed, the system may signal to the PLC if all personnel have scanned out. Additionally, user permissions can ensure operator interfaces are only used by authorized personnel.

The FRANK software logs all interaction events – monitoring interactions including their date, time, and frequency – allowing data insights that can support efficiency and productivity analysis, identify irregularities, and optimize processes. Event data recorded by FRANK can also be used when an audit trail is required.

The system has an adaptable design which can suit various applications. In one instance, FRANK was used in a steel mill facility to implement access permissions to a zinc coating line, which originally relied only on operators following safe working procedures.

Similarly, an important brand in the food industry decided to adopt FRANK in their warehouse conveyor system to control the availability of the reset pushbutton, so that reset could only be performed by trained personnel with the correct permissions.


Networked Communication with PROFINET

FRANK is designed to work with amGardpro proNet devices – the range of networked interlocks and control pods from Fortress – allowing communication to PROFINET and PROFIsafe based control systems.

amGardpro products are designed, tested, and TÜV approved for use up to Cat.4 PLe / SIL 3. The proNet module allows the features of amGardpro to be communicated as distributed I/O on a PROFINET network, where safety data is exchanged using PROFIsafe protocol. Ethernet connectivity, pushbuttons, and trapped keys can all be combined into a single device, ensuring a high level of configurability to design a safety solution that meets the exact requirements of each application.

Through the addition of the RFID reader, permission control can be integrated into any Fortress PROFINET-enabled interlock. Moreover, FRANK can also be retrofitted to other applications using control pods. Alongside the ability to work with existing RFID cards, FRANK is an extremely versatile system that can be applied to a variety of situations where access control permissions are paramount.