Lock Out User
You can set up security on a server so that multiple failed login attempts will lock out the user.
Difference from Security Feature Lockout
The Web Viewer lockout function is independent of lockout in the Security feature.
| Security Feature Lockout | Web Viewer Lockout | |
Lockout target |
Server (display unit) | Client |
Login operation |
Log in to project on server | Log in to server from client |
| Users affected by lockout | All users with a security level less than the security level set in [Security Level for Unlock] are locked out. | Lockout user |
- For information about Security's lockout feature, refer to
the following.
Lock Out User Accounts - When a user is locked out in Web Viewer, you can record it
in the operation log. For information, refer to the following.
Operations Targeted for Operation Logs
Settings
To use this function, enable the [Security Setting] property and add
user accounts to the project. For information on setting up users,
refer to the following.
BLUE Web Viewer Overview and Development Workflow
In the Project Explorer window, go to [System Architecture] and click [Target01].
In the Properties window, click [Advanced] tab and click [Data Access] tab.
- Go to [Web Function Settings] ➞ [Web Viewer Settings], select
the [Security Settings] check box and set the following properties.
Properties
Example of Unsuccessful Login
The following describes when a user fails to log in from a client.
Web Viewer settings are as follows.
| Property | Setting |
| [Number of Attempts] | 5 |
| [Period of Attempts (sec)] | 60 |
| [Lockout Time (sec)] | 30 |
Failed to login
The first time a user fails to log in, a timer begins counting. If the user continues to fail logging in, and the timer does not reach 60 seconds (setting value of [Period of Attempts (sec)]) on the fifth failed login attempt, the user is locked out. The user cannot log in again until 30 seconds (setting value of [Lockout Time (sec)]) elapse.
Additional login attempts before the Lockout Time elapses will restart the Lockout Time.
The following illustrate various Web Viewer login scenarios.
User Locked Out
A: Period of Attempts
B: Lockout Time
Failed login attempt
User locked out
When the user fails to log in, the [Period of Attempts] begins counting. If the user fails to log in the defined number of times before the [Period of Attempts] has elapsed, the user is locked out for the [Lockout Time]. After the [Lockout Time] has elapsed, the lock is released for the user.
Period of Attempts Elapses Before User Locked Out
A: Period of Attempts (1)
B: Period of Attempts (2)
Failed login attempt
When the user fails to log in, the [Period of Attempts] begins counting. The [Period of Attempts] elapses before the user fails to log in the defined number of times, resetting the process. The next time the user fails to log in, the [Period of Attempts] begins counting again.
User Lock Out Time Extended
A: Period of Attempts
B: Lockout Time (1)
C: Lockout Time (2)
Failed login attempt
User locked out
When the user fails to log in, the [Period of Attempts] begins counting. If the user fails to log in the defined number of times before the [Period of Attempts] has elapsed, the user is locked out for the [Lockout Time]. If the user makes another log in attempt before the [Lockout Time] has elapsed, even if the entered user name and password are valid, the [Lockout Time] starts counting again from the beginning. Once there are no more login attempts and the [Lockout Time] has elapsed, the lock is released from the user.
Notes on Web Viewer Lockout
- When a user is locked out on the server, the server itself becomes locked out. When the server is in this condition, only authorized users can log in and release the lock on the server. When a user is locked out on a Web Viewer client, the user is locked out and the lock on the user is released only after the [Lockout Time] has elapsed. There is no special way to release the lock on the user.
- Even while a user is locked on a client, any other user can still log in from the client, not just specially authorized users.
- Even while the server is locked out, users can still log in to the server from a client.
After a user is locked out on a client, the operation log does not record any further failed login attempts by the user. The operation log continues logging operations by the user only after the lock on the user is released.