
YOKOGAWA TRAINING Section 3.

CS3000 Common Functions


TE 33AU1C3-01 Rev. 3.3 3-1


SECTION 3

CS3000
COMMON FUNCTIONS




CONTENTS


3 COMMON FUNCTIONS
3.1 Security Overview
3.1.1 DCS Risk Profile
3.1.2 Overview of Security Implementation
3.1.3 Recommended Security Procedures:
3.2 CS3000 Security Function
3.2.1 Overview of the Security Function
3.2.2 HIS Security
3.2.3 User Security
3.2.4 User Group
3.2.5 Privilege level
3.2.6 Priority Levels of the Tag
3.2.7 Advanced Security
3.2.8 Windows Security
3.3 Alarm Function
3.3.1 Overview of the Alarm Function
3.3.2 Viewing Alarms
3.3.3 Advanced Alarm Filter
3.3.4 Techniques for Alarm Minimisation
3.4 Plant Hierarchy function
3.5 Operation Mark
3.6 Operation Group
3.7 PICOT

3 COMMON FUNCTIONS

3.1 Security Overview

The CS3000 system is based on the Microsoft Windows operating system, and is
usually combined into corporate networks to enable accessibility of data from the
DCS to plant information management systems. This presents security vulnerabilities
partly because of the nature of the operating system, and partly because of the
required openness of the system.

Security problems:

1. Viruses - these have the potential to damage and disable operational interfaces
(HIS) and data gathering (ExaOPC and Exaquantum) components of the DCS.
Viruses will not affect the control units (FCS) because they operate on a
proprietary operating system.

2. Unauthorised Access - it may be possible for someone to gain unauthorised
access to the DCS and either damage one or more of the components (e.g.
wiping a hard disk), or possibly even gain control of the DCS and shut
down plant, or put it into an unsafe state.


With the move to Vnet/IP, an Ethernet based network for the control network, security
issues have become increasingly important.

This section provides a summary of the security issues associated with a networked
DCS, and provides a policy for securing the system.

3.1.1 DCS Risk Profile

The DCS is a network of computers and as such is susceptible to the problems
associated with all networked computers. This section describes these problems and
how they will affect the DCS.

1. Viruses - The risk of a virus infecting the DCS is high. Most viruses involve
either disabling a Windows based PC, or causing denial-of-service attacks by
flooding a network. The CS3000 components at risk are the HIS, the ExaOPC
server and the Exaquantum server. Losing any of these devices will result in
loss of data and the ability to monitor the plant. However, unless all HISs are
affected simultaneously, it would not affect the control of the plant.

2. Denial-of-service (DoS) attacks - These are often caused by viruses, but may
have other causes. DoS attacks work by flooding the network, making normal
communication difficult or impossible. It is possible that a DoS attack from a
HIS onto the Vnet could cause degradation in performance of the Vnet,
leading to loss of data and reduced ability to monitor the plant. The risk of a
virus-related DoS attack is high.

3. Access - The risk of unauthorised access is more likely to be caused by a
disgruntled employee than an outside attack. (Between 70% and 80% of all
cyber incidents are by people with authorised access.) However, the
consequences can be serious. A random attack from an internet source is most
likely to gain access to a PC and disable it. At worst, such an attack could
bring down the network, resulting in loss of data and the ability to monitor
plant operations, but will not affect the control of the plant. However, an
inside attack by someone with knowledge of the system could be very serious,
as they have the ability to interfere directly with the control of the plant.

Access points:

1. The connection from the corporate network to the DCS network is the main
port of entry into the system. From this, unauthorised users from the internet
and from within the corporate network can gain access. It is also a connection
point where viruses can enter.

2. Floppy disks, CDs and other removable media can contain viruses and these
can be transferred to the system through any of the PCs within the DCS.

3. Dial-up access for remote maintenance is also an entry point, although it is
limited to those who know the telephone number, and is therefore easily
traced. There is the risk of people scanning telephone numbers and finding this
entry point, but the chances are small.

3.1.2 Overview of Security Implementation

Objective of the security process

Prevention - The system must be designed to prevent unauthorised
access in the first place. This is achieved through proper design of the
network architecture, implementation of security policies, installation
of anti-virus software, and update procedures.

Detection - Should a cyber incident occur, the ability to detect it as
soon as possible ensures that problems due to the attack are minimised.

Recovery - The ability to repair systems after an attack and bring them
back online quickly ensures that the effects of damage due to an attack
are minimised.


Implementation of the security process:

Design of network architecture - The network must be designed in such
a way as to minimise the number of points of access. This includes a
single point of access through a router and firewall, demilitarised zones
(DMZ) and, in certain cases, the use of decoys (honeypots).

Implementation of security policies - As part of the system installation,
security policies need to be implemented that limit access and reduce
the possibility of misuse of the equipment. The policies should range
from securing the computer operating systems to making use of the
control system security features. Implementation includes: hardening
of O/S through security policy configuration and password
management, locking down of I/O ports (floppy disk drives, CD drives,
USB memory, etc.) and installation of anti-virus software.

Maintenance of the system after installation - Once the system is
installed and running, regular maintenance of the security
configuration is necessary to maintain its integrity. New methods of
circumventing security are constantly being developed, as are new
viruses, and it is essential to remain ahead of these. Maintenance
includes: monitoring of log files for suspicious activity, virus updates,
O/S updates and regular backups.


3.1.3 Recommended Security Procedures:

System Architecture

1. Router - Install a router between the corporate network and the DCS.
Through this, limit and control which PCs have access to Exaquantum,
ExaOPC and Remote HIS. Yokogawa recommends using a CISCO router
with the optional firewall software. CISCO SDM (Security Data Manager)
should be included to tighten the firewall.

2. Firewall - In addition to the firewall software provided with the CISCO
router, install a hardware firewall with the router. A firewall not only
limits access for PCs over the network, but also tracks connections between
the networks. Yokogawa recommends using the Symantec Gateway
Security 5400 Series.

3. Intrusion Protection System (IPS) - This provides further protection
against unauthorised entry, and is often the only defence against worms,
which are often able to sneak in through open ports in the firewall. An IPS
is expensive and only required in critical applications.

4. DMZ - Install Exaquantum Server, update servers and any web servers in
a demilitarised zone (DMZ). This zone sits between the DCS and the
corporate LAN so that clients need access only to the servers in the DMZ.
This makes it much easier to control and secure the connection between
the DCS LAN and the DMZ.

5. Honeypots - These are decoy computers that sit in the DCS network and
are designed to look like a part of the DCS. Such computers may be
installed with HIS/HIS-TSE, Exaquantum Server or ExaOPC, but do not
actually connect to the process controllers or use its database. They may
contain similar updates to the other computers, but still have a few holes
through which a hacker could gain access. While a hacker cannot do
anything useful with these computers, they could give those monitoring the
system security time to trace the source of the attack. Such a technique
requires extensive maintenance, very fast detection, and experienced IT
personnel. While it is listed here, it is not generally recommended, as its
usefulness is limited by the available resources and experience of
personnel monitoring the system.

6. Vnet/IP - Although an Ethernet connection can share the same physical
network as Vnet Bus 2 with the Vnet/IP system, it is recommended that a
separate network interface card be installed in all computers that connect
to the external network, such as ExaOPC and PRM. This will ensure that
no external client will have direct access to the control bus network.


Figure 1 DCS Security Architecture (diagram not reproduced)
Labels in the figure: Corporate Zone, Demilitarized Zone, DCS Zone;
Corporate Ethernet, DMZ Ethernet, DCS Ethernet, Vnet; Router/Firewall/IPS,
Router/Firewall; PRM Server, PRM Client, Eng Station, HIS, HIS-TSE,
HIS-TSE Client, ExaOPC, Exaquantum, Exaquantum Client, Web Server,
Update Servers (VUS, WUS), Controller.
Note: DCS Ethernet is part of the physical Vnet/IP bus.
System Security Configuration:

7. Physical Security - Lock away PCs in the DCS network, such as HISs,
ExaOPC/HIS-OPC servers and Exaquantum servers so that unauthorised
people do not have access to the disk drives.

8. Client Access to ExaOPC - Limit or prohibit access to ExaOPC/HIS-OPC
from the corporate network. It is recommended that staff do not have VB
access to ExaOPC/HIS-OPC data. Ensure that ExaOPC/HIS-OPC has
read-only privileges.

9. Remote HIS - Ensure that any HIS with HIS-TSE server or PCAnywhere
is read-only, so that remote users do not have operational access to the
plant.

10. Internet Access - Disable internet access from all devices in the DCS
network. It is essential that there is no web or email access from any
computer within the DCS network. Hide the PCs within the DCS network
from the main network so that they cannot be seen in Network
Neighbourhood (also known as My Network Places).

11. Windows Policies - Set up security policies in the DCS PCs such that disk
drives and USB memory devices cannot be used, and the running of
applications and access to the file system is restricted. Make use of the
Centum Desktop function available with CS3000.

12. Computer Hardening - Remove all unnecessary programs and services
from the computers.

13. Passwords - Ensure that all users have passwords. Change passwords
regularly, and create passwords that are difficult to crack. The default
CENTUM password should be changed.

14. CS3000 Operator Security - Set up Operator security using Advanced
CS3000 Security. Each Operator should have their own username and
password. This defines operator access to plant control, and provides a log
of all operations performed by that operator.

15. CS3000 Engineering Security - Install the Access Administrator package.
This provides access control and an audit trail for all engineering tasks
conducted through System View.

Software

16. Installation - Provide a standardised operating system installation for the
DCS computers, such that the operating system version, service pack and
patch levels are the same for all computers. Ensure that the service pack
and patch levels are approved by Yokogawa.

17. Viruses - Install a virus protection program and keep it up to date. How it
is kept up to date depends on the system. This is discussed in the
Maintenance section below. We recommend Norton Anti-Virus, which
Yokogawa must configure for optimal performance.

18. Windows Updates - Microsoft regularly issues patches for Windows to
resolve security problems with the operating system. While it is desirable
to install these patches as they are released, not all of them are necessary
for the DCS, and some could cause instability within the DCS. Yokogawa
tests all patches and releases a regular report on which updates need to be
installed and whether it is safe to do so. We recommend a Windows
Update Server (WUS) be installed in the DMZ which is manually updated
with recommended patches. This server can then install the patches on the
HISs and other DCS computers as required.

Maintenance

Regular maintenance is essential to maintaining the integrity of DCS security.
The following measures are necessary as part of an ongoing maintenance
regime:

19. Virus Updates - For large systems, it is recommended that a PC is in
operation on the DCS network (or DMZ) which receives updates for the
virus package (VUS). This will then update the DCS accordingly. It must
not be updated directly from the internet, but it should be updated from the
server on the corporate LAN. If it is a small isolated system, update the
virus package manually and ensure this is done regularly.

20. Windows Updates - Update the WUS on a monthly basis or when
Yokogawa issues a test report on Windows patches.

21. System monitoring - Monitor firewall, router and DCS log files regularly
to detect any suspicious activity. The firewall should be configured to
provide alarms in the event of a security breach.

22. Backups - Carry out backups of all DCS computers regularly, or at least
after any system updates. Two copies of the backup disks should be kept:
one on-site and one off-site. At least three previous sets of backups are to
be maintained so that the system can be restored to a known point before
an infection or breach occurred.

3.2 CS3000 Security Function

The security function is used to control access to the system, and to specific areas and
functions of the system.

Note: General-purpose Windows applications other than operation and monitoring
functions follow the security procedures for Windows.


3.2.1 Overview of the Security Function

The security function restricts the scope of operation and monitoring permitted for an
operator, and masks certain alarms for which the operator need not be notified. The
following two types of functions are available with the security function:

HIS security
User security

The HIS security function restricts the scope of operation and monitoring, as well as
the authority of the HIS. By doing so, operation performed by a user regarding
certain equipment or data items can be prohibited, regardless of the scope of operation
and monitoring or the authority granted to the user.

The user security function restricts the scope of operation and monitoring, as well as
authority given to the user. By doing so, operation by a user on certain equipment or
data items, to which he/she has no access authority, can be prohibited. The scope of
operation and monitoring permitted for an operator is determined by a combination of
HIS security and user security settings.

In the framework of the security function, operation and monitoring is defined as
follows:

Operation
Setting data to function blocks, changing function block statuses and other
operations.

Monitoring
Displaying function block data, receipt of messages and calling up windows.



3.2.2 HIS Security

The functional security level regarding operation and monitoring as well as the
operation and monitoring scope can be set for the HIS itself. The HIS security check
takes precedence over the user security check. Use the HIS Constant Definition
Builder to set the HIS security.

Select the function security level of the HIS from the following two types:

Monitoring only HIS
Operation and monitoring HIS (default)

If the HIS is set as monitoring only, a user can only perform monitoring on the HIS
regardless of his/her access level. Operations allowed on an HIS set as operation and
monitoring vary depending on the user privilege level and the security level of the
function blocks.


Scope of Operation and Monitoring - Advanced Setting

The operation and monitoring scope of the HIS can be set for each HIS.

In the operation and monitoring scope check, both the operation and
monitoring scope of the HIS and that of the user group are checked. Any
operation or monitoring that is not included in both scopes cannot be
performed.

Monitoring Range (Default: ALL)
Operation Range (Default: ALL)
Window Range (Default: ALL)
Acknowledgment (Default: ALL)
Process Message Receiving (Default: ALL)
System Alarm Receiving (Default: ALL)
Exclude Monitoring (Default: NONE)
Exclude Operation (Default: NONE)
Exclude Acknowledgment (Default: NONE)
Exclude Process Message (Default: NONE)
Exclude System Alarm (Default: NONE)

The default setting is ALL for INCLUDE and NONE for EXCLUDE.


3.2.3 User Security

User security is defined by the security settings specified for each user. When an
operator is checked for his/her user security, the operator is identified by the user
name and the scope of operation and monitoring and privilege level. As a result, the
scope of operation and monitoring permitted for the operator can be restricted. In
addition, it is possible to mask out alarms that are not required for that user.

The following items may be defined in relation to user security:

User name
User group
Privilege Level

The user security function records the details of operation and monitoring performed
by the user as operation logs. These operation records may be checked on the
Historical Message Report Window.

The security builder is accessed through the COMMON folder for the project:





The Security Builder configures users and user groups. User registration is described
below:




User Registration

User name definition is carried out on the definition builder. Each user name
must be unique, consisting of eight alphanumeric characters or fewer. Up to
250 users can be defined. Upper- and lower-case letters are not distinguished.
Up to 32 single-byte characters or 16 double-byte characters may be entered
for each user name.

Password

When logging in, the user enters their name and password. In the Password
tab of the security builder, it is possible to select either local or common. If
local is selected then setting the password is carried out in the user-in dialog
box called up from the system message window. If common is selected, then
a master password file is held in the project server and this is checked
whenever someone logs on.

Automatic User-Out Time

When an automatic user-out time is defined, the user automatically changes to
the OFFUSER when the automatic user-out time has elapsed. The choices are:

1. Elapsed time from user in - when someone logs in, after the specified
period, they are logged out. Specify the time in hours and minutes.
2. No operation time - if there has been no activity on the HIS for a
period of time, the user is logged out. Specify the time in minutes.



3.2.4 User Group

The users are classified into groups based on their operation and monitoring
scopes. This classification is called user group.

The following attributes are assigned to each user group:

User group name
Operation scope
Monitoring scope
Windows scope
Confirmation operation scope
Messaging scope
Comment


Each user is linked to a user group so that when they log in, the scope of their
operations and monitoring, including what alarms they receive and
acknowledge is defined.



Figure 1.1 Example of Relationship Between User Group and
Operation/Monitoring Scopes

In the above example, the users who belong to Group A (user1, user2 and user3)
have rights to operate and monitor tank1 and to monitor tank2, but have
no rights on tank3. The user who belongs to Group B (user4) has rights to
operate and monitor tank3 but no rights on tank1 or tank2.




User Group Name Definition

The user group name is defined on the security definition builder. Each user
group name must be unique and be 8 or fewer alphanumeric characters. 50 user
groups may be assigned to one project. The names are not case sensitive. User
groups may be used to classify the messages sent to different printers. Up to
32 single-byte characters or 16 double-byte characters may be entered as the
comment for a user group name.

Note: a HIS can be a member of a User Group. This is configured in the
Open I/F tab of the HIS Constants.


Setting Operation and Monitoring Scope

The operation and monitoring scope is set for each user group. The user-in
user can perform operation and monitoring within the scope specified for the
user group to which he/she belongs. The operation and monitoring scope may
be exclusively defined on the security definition builder.

Inclusive Definition

Specify the following items:

Monitoring Range
Specify the scope of data to be read by station name, drawing
name, and unit name.

Operation Range
Specify the scope of data to be read and written by station
name, drawing name, and unit name.

Window Range
Specify a window name a user can operate and monitor after
user-in. Specify folder name and window name.

Acknowledgment
Specify the scope of acknowledged process alarms by station
name.

Process Message Receiving
Specify the scope of monitored messages by station name.

System Alarm Receiving
Specify the scope of monitored system alarms by station name.
The operation range must be included in the monitoring range.
You cannot operate outside the monitoring range.

The following keywords are used in setting operation and monitoring
scope:

ALL
Operation and monitoring rights on all stations and windows
connected to the control bus

NONE
No monitoring rights on any station

station names (e.g. FCS0101)
unit names
drawing names (e.g. %DR0001S0101)

When setting operation and monitoring rights on designated station names
or window names, the wild card character * can be used instead of part
or all characters in a character string. The default setting is that all stations
and windows are within the operation and monitoring scope.

Exclusive Definition

Specify the following items:

Exclude Monitoring
Specify the scope of data not to be written by station name,
drawing name, and unit name.

Exclude Operation
Specify the scope of data not to be read or written by station
name, drawing name and unit name.

Exclude Acknowledgment
Specify the scope of non-acknowledged process alarms by
station name.

Exclude Process Message
Specify the scope of non-monitored messages by station name.

Exclude System Alarm
Specify the scope of non-acknowledged


Combining Inclusive and Exclusive Definitions

You may combine inclusive and exclusive definitions to specify various
scopes.

The following are examples of combination:

If operation and monitoring are possible at FCS0101 and FCS0102:
specify FCS0101 and FCS0102 at the inclusive definition, and NONE at
the exclusive definition.

If operation and monitoring are possible at other stations excluding
FCS0103: specify ALL at the inclusive definition, and FCS0103 at the
exclusive definition.

If operation and monitoring are possible at FCS0101 and FCS0102,
but not at UNIT A: specify FCS0101 and FCS0102 at the
inclusive definition, and UNIT A at the exclusive definition.


Example of Operation and Monitoring Scope Setting

Monitoring rights: ALL
Operation rights: FCS0101,FCS0102,%DR0001S010301,UNIT001
Operation and monitoring rights on windows: TANK1, WIN*

In the above example, all stations and windows are within the monitoring
scope. However, only stations FCS0101 and FCS0102, drawing DR0001 of
station FCS0103 (%DR0001S010301) and unit UNIT001 are within the
operation scope. The operation and monitoring rights on windows cover all
windows below TANK1 in the hierarchy, and all windows below any window
whose name starts with WIN.


3.2.5 Privilege level

The user's rights and abilities on operation and monitoring are defined as
accountabilities.

The following attributes are assigned to each privilege level:

Whether or not monitoring is permitted
Whether or not operation is permitted
Whether or not operation and monitoring using system operation windows
is permitted

Privilege Level and User Security

With the user security function, a user's operation and monitoring authority on
data items and system operation windows is determined by the user's privilege
level.

Operation and Monitoring Authority on Data Items

Below are tables that describe the relationship between the privilege level of
the operator and the security level of a function block. The security level of a
function block can be set from 1 to 8, and this defines what privilege level
the operator needs to be able to monitor and operate the tag.

The tables on operation and monitoring authority are fixed and cannot be
edited.

Table Data Item Operation and Monitoring Authority Table
(Important Tag and Ordinary Tag)



Note: The authority on Important Tag and Ordinary Tag is the same as that
of the security level 4.
*1: Users having no AFLS operation authority cannot acknowledge alarms
sent from the corresponding function blocks.
R/W: Both operation and monitoring permitted
R: Only monitoring permitted


<Toc> <Ind> <J10. Security Function> J10-23
IM 33S1B30-01E 4th Edition : Jan.11,1999-00
J10.4 Function Block Security

An attribute called security level is assigned to the function blocks.
The security level classifies function blocks by priority level. A larger
security level number stands for a higher priority level.

Function Security Levels

Security Level
Several operation and monitoring authority tables classified by data items, each
corresponding to a different function security level, are provided. As the security
level changes, the operation and monitoring authority changes over each data item.

Figure Security Levels (diagram not reproduced: authority tables by data item
and privilege level S1, S2, S3, from security level 1 to security level 8)

Security level may be set from level 1 to level 8. The security level definition may be
carried out on the Function Block Detail Builder. Level 4 is the default security level
set for the function blocks.

The operation and monitoring authority tables for different function security levels are
shown below:
Table Operation and Monitoring Authorities for Security Level 1

                                                    Privilege level
Data items                                          S1     S2     S3
Mode status, SV, MV                                 R/W    R/W    R/W
Alarm set value                                     R/W    R/W    R/W
Write-allowed data items other than mode status,
  SV, MV, and alarm set value                       R/W    R/W    R/W
Write-prohibited data items                         R/-    R/-    R/-
AFLS (alarm acknowledgment) only                    R/W    R/W    R/W

R/W: Both operation and monitoring permitted
R/-: Only monitoring permitted


Table Operation and Monitoring Authorities for Security Level 2

                                                    Privilege level
Data items                                          S1     S2     S3
Mode status, SV, MV                                 R/W    R/W    R/W
Alarm set value                                     R/W    R/W    R/W
Write-enable data items other than mode status,
  SV, MV, and alarm set value                       R/-    R/W    R/W
Write-disable data items                            R/-    R/-    R/-
AFLS (alarm acknowledgment) only                    R/W    R/W    R/W

R/W: Both operation and monitoring permitted
R/-: Only monitoring permitted

Table Operation and Monitoring Authorities for Security Level 3

                                                    Privilege level
Data items                                          S1     S2     S3
Mode status, SV, MV                                 R/W    R/W    R/W
Alarm set value                                     R/-    R/W    R/W
Write-enable data items other than mode status,
  SV, MV, and alarm set value                       R/-    R/W    R/W
Write-disable data items                            R/-    R/-    R/-
AFLS (alarm acknowledgment) only                    R/W    R/W    R/W

R/W: Both operation and monitoring permitted
R/-: Only monitoring permitted

Table Operation and Monitoring Authorities for Security Level 4

                                                    Privilege level
Data items                                          S1     S2     S3
Mode status, SV, MV                                 R/-    R/W    R/W
Alarm set value                                     R/-    R/W    R/W
Write-enable data items other than mode status,
  SV, MV, and alarm set value                       R/-    R/W    R/W
Write-disable data items                            R/-    R/-    R/-
AFLS (alarm acknowledgment) only                    R/W    R/W    R/W

R/W: Both operation and monitoring permitted
R/-: Only monitoring permitted

Table Operation and Monitoring Authorities for Security Level 5

                                                    Privilege level
Data items                                          S1     S2     S3
Mode status, SV, MV                                 R/-    R/-    R/-
Alarm set value                                     R/-    R/-    R/-
Write-enable data items other than mode status,
  SV, MV, and alarm set value                       R/-    R/-    R/-
Write-disable data items                            R/-    R/-    R/-
AFLS (alarm acknowledgment) only                    R/W    R/W    R/W

R/W: Both operation and monitoring permitted
R/-: Only monitoring permitted
4th Edition : Jan.11,1999-00


Table Operation and Monitoring Authorities for Security Level 6

Data items                                        Privilege level
                                                  S1    S2    S3
Mode status, SV, MV                               -/-   R/-   R/W
Alarm set value                                   -/-   R/-   R/W
Write-enable data items other than mode status,
  SV, MV, and alarm set value                     -/-   R/-   R/W
Write-disable data items                          -/-   R/-   R/-
AFLS (alarm acknowledgment) only                  -/-   R/W   R/W

R/W: Both operation and monitoring permitted
R/-: Only monitoring permitted
-/-: Neither operation nor monitoring permitted

Table Operation and Monitoring Authorities for Security Level 7

Data items                                        Privilege level
                                                  S1    S2    S3
Mode status, SV, MV                               -/-   -/-   R/-
Alarm set value                                   -/-   -/-   R/-
Write-enable data items other than mode status,
  SV, MV, and alarm set value                     -/-   -/-   R/-
Write-disable data items                          -/-   -/-   R/-
AFLS (alarm acknowledgment) only                  -/-   R/-   R/W

R/W: Both operation and monitoring permitted
R/-: Only monitoring permitted
-/-: Neither operation nor monitoring permitted

Table Operation and Monitoring Authorities for Security Level 8

Data items                                        Privilege level
                                                  S1    S2    S3
Mode status, SV, MV                               -/-   -/-   -/-
Alarm set value                                   -/-   -/-   -/-
Write-enable data items other than mode status,
  SV, MV, and alarm set value                     -/-   -/-   -/-
Write-disable data items                          -/-   -/-   -/-
AFLS (alarm acknowledgment) only                  -/-   -/-   -/-

-/-: Neither operation nor monitoring permitted
6th Edition : Jan.24,2000-00

Window Operation and Monitoring Authority

With the operation and monitoring functions, the operation and monitoring
authority can be set for each window. By setting the operation and monitoring
authority on graphic windows, changing the instrument faceplate assignment
or acknowledging of alarm blinking can be prohibited.

In the case of trend windows, changing the trend pen assignment can be
prohibited by setting the corresponding operation and monitoring authority.

The following three types of operation and monitoring authorities can be set
for windows:

General window
Important window
System operation window

The types of windows with which a user can perform operation and
monitoring vary, depending on the settings of operation and monitoring
authority on windows and the user's accountability level.

The table below shows operation and monitoring authorities on windows,
indicating which user can perform operation and monitoring using which types
of windows:

Table 3.4 Table of Window Operation and Monitoring Authorities



The operation and monitoring authority on system operation windows cannot
be changed. The operation and monitoring authority on windows other than
system operation windows can be changed using the system view.

Operation and Monitoring Authority on System Operation Windows

The operation and monitoring authority on windows is defined over the system
maintenance window and system view.

The following windows are referred to as system operation windows:

System status overview window
System alarm window
FCS status window
HIS setup window
System View

Table 3.5 Operation and Monitoring Authority over System Operation Window


Change Privilege Level on the Operation Keyboard

When the HIS console is connected with an operation keyboard, the privilege
level of the user may be changed temporarily using the mode selection key on
the keyboard. The privilege level changed on the keyboard has higher priority
than the level set in the user-in dialog box.

The following two mode selection keys are used to switch the security level:

Operation key
The key can be switched between the ON and OFF positions only.

Engineering key
The key can be switched to any position.


Table 3.5 Relationship Among Mode Selection Key Position, Privilege Level
and Operation Mode



3.2.6 Priority Levels of the Tag

The tag priority level is one of the attributes assigned to function blocks. The
confirmation operation after changing data or the tag mark displayed with a function
block varies with the security level of the function block set with tag priority.

Priority Levels of the Function Block

The priority level of a function block is determined in accordance with the tag
priority assigned to the block.

The tag priority levels classify tags into the important tag, ordinary tag,
auxiliary tag1 and auxiliary tag2. The priority levels are represented by tag
marks.

Assigning the important tag priority level to the function block displays the
acknowledgment dialog, but assigning other priority levels does not. When
entering a value to a function block that requires acknowledgment, a dialog
box appears to prompt for confirmation.

Table 3.6 Tag Priorities





3.2.7 Advanced Security

With the advanced security function, detailed security settings can be defined for each
function block. The advanced security settings are included in advanced setup items
in the security definition builder.

As mentioned previously, there are three standard security access (privilege) levels:
S1, S2 and S3. These can be extended with 7 extra security access levels: U1 - U7.
Unlike the standard levels, they are not assigned to the key switch, and users with
these levels must log-in using the HIS login function.




The advanced setting items are as follows:

Window Monitoring
Window Operation
Tag View
Item Operation
Operator Action
Operation-mark On

For each of these items, a table mapping privilege level to security level allows the
user to define which access levels allow the items listed above to be actioned, as the
example below shows:

Table 3.7 Example of Extended Privilege


When accountability level U1 is defined, the users to whom U1 is
assigned will be prohibited from performing any operation.


Window Monitoring - defines whether the user can display a window.

Window Operation - defines whether the user can operate function within
a window.

Tag View - defines whether the user can call up a faceplate on the operator
console.

Item Operation - defines whether the user can change data on the tuning
panel of the faceplate.

Operator Action - defines whether the user can operate a faceplate.

Operation-mark On - defines the user's accessibility to the 3 security levels
of an Operation Mark (see below).


3.2.8 Windows Security

During installation, CS3000 creates a user in Windows called CENTUM (with
password CENTUM). This provides a restricted level of access, and generally the
HIS is set up to log in to this user on start-up.

It is important to not change the settings of CENTUM (including password) as the
system uses this to communicate between stations. If this user is deleted, or the
password is changed then the stations cannot talk to each other.

It is also possible to further restrict user access by modifying certain elements of this
user.



Start up for [CENTUM] - the HIS Operating and Monitoring functions will start up
automatically when you log on to the PC.

Auto Logon - automatically logs into the CENTUM user on boot-up of the PC. The
password of CENTUM is CENTUM. If the password is to be changed, this must be
done through this dialog box and the same password must be applied to all HIS and
EWS. Otherwise they will not be able to communicate with each other.

Set Desktop Environment for CENTUM - by selecting CENTUM Desktop, the
START menu is cleared of most applications, including shutdown. The desktop is
also cleared of any icons so that the operator cannot launch any applications on the
PC. This can be modified further by deleting all items from the START menu
manually.

HIS Security Policy - allows the advanced setting of user security behaviour. This
applies to the CS3000 User Security and not Windows security.




3.3 Alarm Function

3.3.1 Overview of the Alarm Function

There are two types of alarms:

System alarms - failures of DCS hardware or software, eg, I/O card failure
Process alarms - alarms from the process, ie, outside the DCS, eg, high
level alarm, motor failure, etc.

These alarms are displayed on separate alarm pages, and the process alarms are the
most important ones for the operator.

Process alarms are generated in the FCS. These are either Function Block alarms,
Annunciators or Input/Output Status alarms. When these are raised, the FCS time-
stamps the alarm and broadcasts it onto the Vnet. The alarm package then captures it,
displays it on the process alarm page and logs it to the Historical Event Message file.




Each function block has several configuration items relating to alarms:

Alarm Level - defines the alarm priority level, and what the alarm does
Alarm Setting - individual alarm types can be enabled or disabled

Alarm Level Definition

In the properties of a function block, an alarm level is assigned as follows:

1. High
2. Medium
3. Low
4. Logging
5. User(5) to User(16)

These alarm levels do not relate directly to the alarm priority, but are mapped to alarm
priority and alarm type in the Alarm Processing Table Builder (Common folder of the
project), as shown in the following table.

The rows are numbered 7 to 32 and these relate to the different alarm types as can be
seen in the User-defined Status Character String Builder. For example, alarm no. 15
is a HI HI alarm.




The first four alarm levels are fixed and cannot be changed. These, in fact, correspond
directly with the four alarm priorities. However, there are 12 user-definable alarm
levels (User(5) to User(12)) where the alarm priority and tag mark colour can be
modified for each alarm type for that alarm level, as shown below:



Alarm Priority Definition

Once the alarm level has been set for a tag, the function of each of the five alarm
priorities can be defined in the Alarm Priority Builder. The alarm priorities are:

1. High priority
2. Medium priority
3. Low-priority
4. Alarm Logging Only
5. Reference

Here you can define what happens when the alarm occurs and when it recovers. The
fields are as follows:

CRT - notification to the operator, on the alarm line and in the process
alarm window
PRT - the alarm is sent to the printer
Historical File - the alarm is logged to hard disk
Alarm Action - locking, non-locking or self-acknowledging

    Locking - the alarm must be acknowledged before it is cleared
    from the alarm page
    Non-Locking - the alarm is cleared from the alarm page as
    soon as it returns to normal, even if it has not been
    acknowledged
    Self-acknowledging - the alarm is immediately acknowledged
    so that it is never seen flashing



Alarm Settings

For each function block, the different types of alarms can be enabled or disabled.
This is accessed by selecting the function block and calling Edit Detail.



Note that a hysteresis is applied to the alarms as a percentage of the engineering range
of the function block. This is a builder item and cannot be adjusted through the
operator display.



3.3.2 Viewing Alarms

The Process Alarm Page

The process alarm page displays current and unacknowledged alarms. It has a 200
alarm buffer. Older alarms can be viewed through the historical event message file.

The process alarm page has some simple alarm filtering functions:
















Equipment name allows sorting using the plant
hierarchy function. This provides a sophisticated
method of grouping alarms according to plant
location and function. This is discussed in more
detail later.
Process Report

The process report displays the current state of tags and I/O in the system. It has a
more sophisticated filter than the process alarm page and through this it is possible to
list tags according to their particular alarm state, or other attribute of the tag.



























With the search utility it is possible to display tags that are in a specific alarm, say
HH, by typing HH into the Specified Alarm field. Tags can be specified by wild
cards, so for example, 30G* will list all tags beginning with 30G.

Historical Message Report

All alarms, operator actions and other events are logged to file on the hard disk.
These can be viewed in the Historical Message Report window. This shows all
events, but the filter allows you to view specific types of events and alarms.

























The search function has the following search parameters:

Date - search for events between two times and dates, or look back over the past few
hours, days or weeks.

Message Type - select the type of message to display.
This includes:

Process and System Alarms
Status Change (eg, mode change to auto)
Operation Message (eg, turning on a motor)
Various System Messages

Occurrence Source - select the range of the search,
ie, search by station, plant hierarchy (see below), tag
name.


User - search by user. The historical message
function records which user performed what operation
and so it is possible to check what a user has done over
a given time.



3.3.3 Advanced Alarm Filter

An advanced alarm filter filters out alarms generated on the HIS and displayed on the
Process Alarm page during plant operation. It is possible to define a filter for each
operator and only notify the operator regarding alarms corresponding to the operator's
level and range of rights. In order to use advanced alarm filters, it is necessary to
install the Advanced Alarm Filter package on the HIS.

What is an Advanced Alarm Filter?

An advanced alarm filter can perform the following operations:

It can suppress alarm buzzer output, LED output and window output generated
during plant operation, according to user-defined filter settings. Note,
however, that printer output, historical output and LED output for user-
assigned information cannot be filtered.

It is possible to specify conditions for the filtering of alarms using logical
operators such as AND, OR, XOR and NOT. The conditions are specified via
fixed qualifiers, such as tag names, project names, station names and types of
alarms, rather than being based on dynamic conditions that depend on the
status for the generation of a given alarm.

It is possible to create several filters in advance, and to switch between them in
order to select a filter with settings suitable for a particular situation. It is also
possible to disable filters as necessary.

It is possible to set security when creating and switching between filters.

It is possible to export advanced alarm filters created in one HIS, and to import
and use them in another HIS.

Calling up the filter window:

The Advanced Alarm filter window is displayed by typing .AF into the NAME field.



Filter Syntax

Into this window filter logic can be written. The information on the syntax is
available in the help file that can be accessed by clicking on the Help menu.

Keyword   Options            Description
KIND:     AL, OG             Type of Message
PJT:      Pn                 Project ID (eg, P1, P2, etc)
PL:       Sn                 Plant Hierarchy Name (eg, S1, S2, etc)
AL-C:     Black, Red, etc    Alarm Colour
AL:       HH, HI, LO, etc    Alarm Name
AL-P:     H, M, L            Alarm Priority. H = High, M = Medium, L = Low
STN:      Sddss              Station Name (eg, S0101)
TAG:      Tag, *, ?          Tag Name (eg, FIC100, FIC*, ?IC1*)
NO:                          Message Number (eg, 1101)
TYPE:     BLK, ANN, OTH      Alarm Type

Operators:

Keyword   Description
&         AND
|         OR
^         Exclusive OR
!         NOT

Examples:

1. Display only function block alarms of HI or HH attributes:

TYPE:BLK & (AL:HI | AL:HH)

2. Display only High priority, Red colour alarms from FCS0105:

STN:S0105 & AL-P:H

Note: Red alarms are IOP, HH, HI, LO, LL alarms. Deviation,
Velocity and Output alarms are Yellow and will not be displayed.

3. Display all alarms beginning with FIC:

TAG:FIC*

4. Display all alarms with the letter L or P as the second character:

TAG:?L* | TAG:?P*
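
Because a filter decides which alarms an operator never sees in the Process Alarm window, it is worth evaluating an expression against known alarms before enabling it. The following Python evaluator for the filter syntax and the four examples above is an added example, not Yokogawa code; the operator precedence (!, then &, then ^, then |), case-sensitive value matching and the sample alarm records are assumptions, since the page does not specify them.

```python
import re

# Keywords and operators as listed in the Filter Syntax tables above.
KEYWORDS = {"KIND", "PJT", "PL", "AL-C", "AL", "AL-P", "STN", "TAG", "NO", "TYPE"}
TOKEN_RE = re.compile(r"\s*(?:([()&|^!])|([A-Za-z-]+):([^\s()&|^!]+))")


def tokenize(expr):
    """Split a filter into operator strings and (KEYWORD, value) pairs."""
    expr, pos, tokens = expr.strip(), 0, []
    while pos < len(expr):
        m = TOKEN_RE.match(expr, pos)
        if not m:
            raise ValueError(f"cannot parse filter at offset {pos}: {expr[pos:]!r}")
        tokens.append(m.group(1) or (m.group(2).upper(), m.group(3)))
        pos = m.end()
    return tokens


class Parser:
    """Recursive descent parser. ASSUMED precedence (the page gives none):
    ! binds tightest, then &, then ^, then |."""

    def __init__(self, tokens):
        self.tokens, self.i = tokens, 0

    def peek(self):
        return self.tokens[self.i] if self.i < len(self.tokens) else None

    def take(self):
        tok = self.peek()
        self.i += 1
        return tok

    def parse(self):
        node = self.binary("|")
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return node

    def binary(self, op):
        # Operands of each binary operator come from the next-tighter level.
        tighter = {"|": "^", "^": "&"}.get(op)
        operand = (lambda: self.binary(tighter)) if tighter else self.unary
        node = operand()
        while self.peek() == op:
            self.take()
            node = (op, node, operand())
        return node

    def unary(self):
        tok = self.take()
        if tok == "!":
            return ("!", self.unary())
        if tok == "(":
            node = self.binary("|")
            if self.take() != ")":
                raise ValueError("missing closing parenthesis")
            return node
        if isinstance(tok, tuple):
            if tok[0] not in KEYWORDS:
                raise ValueError(f"unknown keyword {tok[0]!r}")
            return ("term", tok[0], tok[1])
        raise ValueError(f"expected KEYWORD:value, got {tok!r}")


def wildcard_match(pattern, value):
    """* matches any run of characters, ? exactly one (case-sensitive: assumption)."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def evaluate(node, alarm):
    """Return True when the alarm record satisfies the parsed filter."""
    if node[0] == "term":
        return wildcard_match(node[2], str(alarm.get(node[1], "")))
    if node[0] == "!":
        return not evaluate(node[1], alarm)
    left, right = evaluate(node[1], alarm), evaluate(node[2], alarm)
    return {"&": left and right, "|": left or right, "^": left != right}[node[0]]


def split_alarms(expr, alarms):
    """Return (displayed, suppressed) tag names for one filter expression."""
    tokens = tokenize(expr)
    if not tokens:
        raise ValueError("empty filter")
    tree = Parser(tokens).parse()
    shown = [a["TAG"] for a in alarms if evaluate(tree, a)]
    hidden = [a["TAG"] for a in alarms if not evaluate(tree, a)]
    return shown, hidden


# Constructed sample alarms (not real plant data); keys follow the keyword table.
SAMPLE_ALARMS = [
    {"KIND": "AL", "TYPE": "BLK", "STN": "S0105", "TAG": "FIC100", "AL": "HI", "AL-P": "H"},
    {"KIND": "AL", "TYPE": "BLK", "STN": "S0105", "TAG": "LC500", "AL": "HH", "AL-P": "M"},
    {"KIND": "AL", "TYPE": "BLK", "STN": "S0101", "TAG": "TPC200", "AL": "LO", "AL-P": "L"},
    {"KIND": "AL", "TYPE": "ANN", "STN": "S0101", "TAG": "AN0001", "AL": "ALM", "AL-P": "H"},
]

if __name__ == "__main__":
    for expr in ("TYPE:BLK & (AL:HI | AL:HH)", "STN:S0105 & AL-P:H",
                 "TAG:FIC*", "TAG:?L* | TAG:?P*"):
        shown, hidden = split_alarms(expr, SAMPLE_ALARMS)
        print(f"{expr!r}: displayed={shown} suppressed={hidden}")
```

The suppressed list covers only what disappears from the operator's window; as stated above, printer and historical output cannot be filtered, so those alarms remain in the historical record.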


Enabling/Disabling the Advanced Alarm Filter










Within the Advanced Alarm Filter window, the filter can be enabled or disabled as
shown above.

When it is enabled, the Process Alarm Window shows AF01 on the window frame,
to indicate that alarms are being filtered.


For more information on the Advanced
Alarm Filter, refer to the Instruction Manual:
Reference, Part E12.5 (IM 33S01B30-01E).


Filter On Filter Off
3.3.4 Techniques for Alarm Minimisation

There are several ways alarms can be minimised using the standard functions of the
CS3000 system. In addition, there are a number of packages available for alarm
analysis and management, including AAASuite, and ExaPlog. Only the standard
CS3000 functions are discussed here.

Alarm Priority

The default alarm priority for all function blocks is medium. This means that all
alarms generated by function block are reported equally to the operator.

It is recommended that the alarm priority of function blocks be set as low as is
appropriate for that function block. Thus, any that do not require alarm reporting
should be set to Logging or Reference. All others should be set to Low priority
unless they are important. A very small number should be set to High priority.

Alarm Configuration

In the Detail settings of a function block, disable any alarm types that are not required
for that function block. Set hysteresis levels to avoid alarm chatter.

Alarm Masking and Disabling

However, the problem with these solutions is that in some contexts an alarm may need
to be reported, whereas in other contexts it does not.

For example: High current alarm on a motor. This is important for tripping the motor
and notification to the operator during normal operation. However, when the motor is
first started, the current spike should be ignored.

Below are some possible techniques for dealing with these situations. These comprise
masking and disabling alarms in function blocks:

Masking - this does not disable the alarm function, but stops the alarm from being
reported to the operator. Specific alarms or all alarms in a function block can be
masked. This can be done manually by the operator or by logic in the FCS. These
techniques are described below.

Disabling - the alarm function within a function block can be disabled such that the
alarm is not detected. Only a specific alarm within the function block can be disabled,
and this can only be done in a sequence table or logic chart.

Procedure for Masking Nuisance Alarms through the operator display

This procedure for masking nuisance alarms can be performed during operation. It is
important to be able to check which tags have had their alarms masked, and this
section describes how to list which ones have been masked.

How to mask the alarm function of a tag:

1. Call up the faceplate for the tag.

This can be done in several ways:

Click on the NAME button and type in the tagname.
Call up the Alarm Window and double click on the tag.
Call up the tag from a graphic or control group.



2. Call the Tuning Panel from the faceplate:

This can be done by clicking on the TUNING button in the Toolbox.

3. Click on the Alarm On/Off button, and then the Confirm button to disable the
alarm.

This is a toggle button. Clicking on the same button will re-enable it.



When the Alarm Off button is pressed, the word AOF appears in the faceplate. This
indicates that the alarm has been masked. This means that the alarm will no longer be
reported to the Alarm Window. However, note that the alarm still appears on the
faceplate itself.

Alarm On/Off toggle button
Checking for Alarm Off status of Tags:

It is important to check periodically for tags that have had their alarm function
masked. This can be done through the Process Report window.

1. To call the Process Report window, click on the Process Report button on the
Toolbox, or press the same button on the Operator Keyboard.


2. The Process Report window appears. Click on the Tag Search Dialog button
and select AOF under State. Press OK.




Process Report button
Masking alarms in logic

The alarm mask item is the AOF data item. The syntax for its usage in a sequence
table is as follows:

Tag.AOFS    Alarm Type    Mask alarm of this type (eg, HI)
            AOF           Mask all alarms in this function block

Example of usage:

VALVE1.PV     ON     Y  N

LC500.AOFS    HI     Y  N
FI100.AOFS    AOF    Y  N

If VALVE1 is open:    mask the HI alarm of LC500
                      mask all alarms of FI100
If VALVE1 is closed:  unmask the HI alarm of LC500
                      unmask FI100 alarms

Cancelling alarms in logic

This works in a similar way to alarm masking. However, when alarms are cancelled,
the alarm detection process is disabled.

Tag.AF     Alarm Type    Cancel alarm of this type (eg, HI)
Tag.XAF    IOP           Cancel IOP alarm detection for this tag

Example of usage:

MOTOR1.PV     ON       Y  Y  N
TIM01.BSTS    CTUP     N  Y

TIM01.OP      START    Y     N
II100.AF      HI       Y  N  N


If MOTOR1 is running and timer not expired:
start a timer
cancel the current alarm (II100)

If MOTOR1 is running and timer has expired:
re-enable the current alarm

If MOTOR1 is not running:
stop the timer and re-enable the current alarm.

Representative Alarm Block

The representative alarm block provides a way of condensing the alarms of 16
function blocks into a single alarm. The operator can then call up this block and
identify what alarm has occurred.

This block masks the alarms of the 16 function blocks connected to it, and raises a
single alarm to the operator if any of the blocks goes into alarm.

To configure this block, go into the EDIT DETAIL of the block and select the
Representative Alarm tab. The last field is where you type in the name of the
connecting blocks.

For more information see the Instruction Manual:
Reference, Part D1.31 (IM 33S01B30-01E).


3.4 Plant Hierarchy function

CS3000 allows function blocks, control drawings and FCSs to be assigned to a plant
hierarchy. This has many benefits, such as the ability to filter alarms and define
security by a plant area. Plant Hierarchy organises the plant control system in a
layered architecture based on the ISA S88.01 physical model. CS3000 implements
this according to the following diagram:



A Custom Plant can be built which enables you to build your own plant hierarchy.
While the hierarchy can be designed in many different ways, a typical hierarchy might
look like this:

Equipment         Hierarchy    Belongs to:
                  Site         A large area of plant
FCS, HIS          Area         Site
Drawing           Cell         Area
Tag (FB or AN)    Equipment    Cell

Customising the Plant Hierarchy is accessed in the COMMON folder of the project,
under the file name Custom Plant. In this you enter the equipment name and format,
and Upper Equipment Name (ie, what it belongs to) for each type of equipment in the
hierarchy. Usually, large plant areas with several FCSs will be designated as Sites,
smaller areas that may be controlled by a single FCS are Areas, equipment sets that
are controlled by a single drawing are Cells, and single elements such as alarms,
transmitters, control loops, pumps and valves are designated as equipment.

Control Drawings can be assigned to the plant hierarchy through the Equipment file in
the CONFIGURATION folder of the FCS.

In summary, the various components of the DCS can be members of different levels
of the hierarchy as follows:

Equipment          Member of
FCS, HIS           Site
Control Drawing    Site, Area
Tag (FB or AN)     Site, Area, Cell, Unit, Equipment




Once this has been done, it is then possible to assign an Upper Equipment Name to
each FCS and HIS. This is done through the Properties dialog for each station. This
then makes the FCS a member of a Site.

To assign control drawings to Areas, in the Configuration folder in the FCS, open the
Equipment file. This lists all the drawings, and each can then be assigned to an Area
or even a Site. Thus, although drawings within an FCS usually belong to the same
Area, they can belong to different areas. Function Blocks can be assigned to Cells by
selecting the Upper Equipment Name in the Properties dialog of the block.
Likewise, Annunciators can be assigned to Cells by selecting the Upper Equipment
Name in the Annunciator configuration.



The results of your plant hierarchy assignments can be viewed in the plant hierarchy
viewer. This is accessed through the TOOL menu in System View. Within the
viewer, stations, drawings and tags can be designated as equipment. This is useful
for alarm filtering as described above.



Now that the hierarchy is set up, it can be applied to the Security, Operation Grouping
and alarm settings. It can also be used for alarm filtering on the operator display.

In the Security Builder (Common Folder), in User Group fields (such as Monitoring
Range, Process Message Receiving, etc), Site, Area or Cell names can be entered, and
all FCSs, drawings or tags that are members of this hierarchy are then available.
Thus, it is not necessary to list individual FCSs or drawing numbers. Similarly, HIS
operation and monitoring scope can be configured in the same way in the Opecon file
for the HIS.



Filtering of alarms can be simplified by selecting an equipment name in the search
field in the Process Alarm page. Also, in the Process Report and Historical Event
Message file, equipment names can be used to search for events, alarms and tags.



For more information on Plant Hierarchy, refer to the
Instruction Manual: Reference Part E10.


3.5 Operation Mark

Attaching a tag mark to a function block, or removing it, may temporarily enable or
disable the operation restriction on the instrument faceplate. When an operation mark is
attached to a function block, a comment label can be added to the function block and
the security level of the block (i.e., the write access) can be changed temporarily
during operation. When the operation mark is removed, the security level returns to
the original setting.

Operation marks have the following attributes:

Operation Mark type (Tag Level)
Colour
Comment Label
Attachment/Removal attribute

Security Provided by an Operation Mark

When an operation mark is created, a security level (1-4) is defined that sets
the accessibility of the faceplate when the operation mark is applied to it. This
is defined in the Tag Level field as follows:

Tag Level                                      Privilege Level
                                               S1   S2   S3
1. Comment Type (no access restriction)        Y    Y    Y
2. S2, S3 Privileges                           N    Y    Y
3. S3 Privilege                                N    N    Y
4. Operation Guard Type (write prohibited)     N    N    N

As well as defining the access level when the mark is applied, the access level
required to apply and remove the operation mark can also be defined. This is
defined in the Install/Remove attribute.

Operation Mark Label

The operation mark label can be set using the operation mark definition builder.
Up to 4 double-byte characters or 8 single-byte characters can be entered as
the text on the label (string). The operation mark label may be temporarily
changed during operation on the HIS setup window.


Operation Mark Color

The color of the operation mark is defined on the Operation Mark definition
builder. The color of the operation mark may be temporarily changed on the
HIS Setup window.



3.6 Operation Group

A number of HIS consoles on the same bus system can be defined with the same operation
policy, so that operation and monitoring may be performed per group.
Such a group is referred to as an operation group.



Setting Operation Group Identifier

The following functions rely on the setting of the operation group
identifier:

The HIS consoles with the same ID may acknowledge the same
operation guide message or system alarm message.

The HIS consoles with the same ID may call up each other's panel
set.

The operation group identifier is defined in the properties setting box. Up to
8 alphanumeric characters may be used, but only the first two characters stand
for the ID; the text from the 3rd character onward is referred to as the ID comment.
The default setting is [A1].

The wild card [*] may be used in group identifier setting. When setting the
group ID as [A*], the acknowledgment operation is valid for HIS consoles
with operation group identifiers beginning with the letter A.

Buzzer Acknowledgment Identifier (BuzzerACK)

For the alarm silence function, it is possible to define which HISs will have
their alarm buzzer silenced when the Buzzer Reset button is pressed. All HISs
with the same BuzzerACK ID belong to the same Buzzer Reset group, and if
the Buzzer Reset button is pressed on any one of these HISs, then the buzzer
will be silenced on all these HISs. Those HISs with a different BuzzerACK ID
will not be silenced and their Buzzer Reset buttons must be pressed as well.


3.7 PICOT


PICOT is an under-used but very useful utility that allows downloading or capturing
of FCS data in an Excel spreadsheet. It is simply necessary to list the tags and data
items in a spreadsheet for the read or write. This has many uses, such as loading bulk
tuning parameters, loading recipe data, capturing totals and averages for a report.

To use PICOT, the following packages are required:

PICOT
HIS-OPC
Excel

The process is triggered by setting a %M3 event in a sequence table. This causes a
Procedure definition file in the HIS to execute a download and/or upload as required
using the Grade and Product files that contain the lists of tags. It is even possible to
trigger Macros within the spreadsheet, such as a print of a report.

To setup PICOT, the following files must be configured in the
CS3000\his\users\save\BKUPicot directory:

Procedure definition file - PrcxxxxSyyzz.xls. This file defines what happens when
a %M3 request is triggered by an FCS. It initiates the reads/writes according to the
Grade and Product definition files. One procedure definition file is required for each
PICOT event in the FCS from which PICOT events are to be received.

The file name format is defined as follows:

xxxx - a 4 digit number, eg, 0001, that corresponds to the %M3 number in the
FCS.
yy - domain of the FCS
zz - station number of the FCS

File example: filename = Prc0001S0101.xls

Num   Command       Arg1     Arg2   Arg3
1     GRADESET      0001
2     PRODUCTSET    0001
3     DOWNLOAD      GROUP1
4     UPLOAD        GROUP2
5     END

In this example, the grade and product files are connected to, and then the download
and upload are executed. Any number of upload and download commands can be
listed before the END command.

Grade definition file (write) - Gdfxxxx.xls (Download definition). This file
contains the list of tags and data items, and the values to be loaded to these items in
the FCS.

Example: file = Gdf0001.xls

GROUP     TAG      ITEM    VALUE
GROUP1    LC500    P       100
                   I       250
                   D       25
END


Product definition file (read) - PdfxxxxSyyzz.xls (Upload definition). This file
contains the list of tags and data items to be read from the FCS.

Example: file = Pdf0001S0101.xls

GROUP     TAG      ITEM    VALUE
GROUP2    LC500    PV
END

Triggering the read/write:

There are two ways of triggering the PICOT event:

1. Sequence table in FCS - the command in the action line of the sequence is:

%M30001.PV NON Y

This will send an event that causes Prc0001S0101 to execute.

2. Run from the PC - this simulates a trigger from the FCS and can be run from a VB
program, etc. The format is:

BKUMS3S.exe <Domain> <Station> <Area> <MessageNo.>

Example: BKUMS3S.exe 1 1 1 1

The results of the read are put into a spreadsheet in the result folder.



For more information on PICOT, refer to the
Instruction Manual: Reference Part M8.
