Siemens Enhanced Driver and Siemens' new PLC authorization

I’ll try and formulate the question as concisely as possible, but I’m trying to get the hang of two relatively new systems at the same time, so apologies if I get it mixed up.

The new Siemens Enhanced Driver (SED) no longer makes use of OPC UA to connect with the PLC, instead making use of Siemens’ internal communication protocol. I’m assuming this is the reason there are no authorization options included in the SED-setup, as at the time of development there was no application/use-case for this.

Siemens has relatively recently started rolling out new security settings with its S1500 firmware updates, presumably in anticipation of European NIS2 laws. This new interface allows the PLC commissioner to differentiate access-levels on a user basis. Any connections not providing a user-pw combination are accepted as anonymous users. This new access-system works internally as well, allowing the commissioner to go as far as limiting the viewing of runtime-data.

Because Ignition requires a significant amount of access, ideally I’d want to create an ignition_scada-user. This allows me to keep the anonymous user at a lower access-level. The SED doesn’t allow for this currently, and from reading the forum I’ve not seen any mention of future implementation.

My question: are the developers aware of the developments, and are there currently plans to implement this in future updates?

The old driver didn't use OPC UA either.

Connecting via OPC UA has always been an entirely separate concept and protocol, available only with S7-1200 and S7-1500 PLCs that support it.

I'll let @Cody_Morgan speak to the rest... support for any of this depends on whether the company that maintains the underlying comms library we use is planning on supporting it / has reverse engineered it / whatever.

It's on my radar. But it's not currently planned. I believe this is something that a newer version of the library supports. I don't have a timeline on when we'll update to the new version, but it is something we plan to do. Once we update, I don't anticipate there being much work required to support the username/password authentication.

So, while not planned, and not imminent, I expect we will add support for this at some point. However, I haven't looked into the details, so it may be more work than it initially seems.
