[RQ7.5] Each SafetyConsumer shall implement the parameters shown in Table 17 which can be set via the SPI. The mechanisms for setting these parameters are vendor specific. The SPI of the SafetyConsumer represents the parameters of the Safety communication layer management of the SafetyConsumer.
Table 17 – SPI of the SafetyConsumer
Identifier |
Type |
Valid range |
Initial Value (before parametrization) |
Note |
SafetyBaseID |
GUID |
See Clause 11.1.1 |
0x0 |
The default SafetyBaseID of the SafetyProvider this SafetyConsumer uses to make a connection, see Clause 3.2.25. For dynamic systems, the safety application program can overwrite this ID by providing a non-zero value at the input SafetyBaseID of the SafetyConsumer’ s SAPI. |
SafetyProviderID |
UInt32 |
0x1 - 0xFFFFFFFF |
0x0 |
The SafetyProviderID of the SafetyProvider this SafetyConsumer normally connects to, see Figure 10 and Clause 3.2.26. For dynamic systems, the safety application program can overwrite this ID by providing a non-zero value at the input SafetyProviderID of the safety Consumer’s SAPI.
|
SafetyConsumerID |
UInt32 |
0x1 - 0xFFFFFFFF |
0x0 |
ID of the SafetyConsumer, see Clause 11.1.2. |
SafetyStructureSignature |
UInt32 |
0x1 – 0xFFFFFFFF |
0x0 |
Signature over the SafetyData structure, see Clause 8.1.3.4 |
SafetyConsumerTimeOut |
UInt32 |
0x1 – 0xFFFFFFFF |
0x1 |
Watchdog-time in microseconds (µs). Whenever the SafetyConsumer sends a request to a SafetyProvider, its watchdog timer is set to this value. The expiration of this timer prior to receiving an error-free reply by the SafetyProvider indicates an unacceptable delay. See Clause 10.2 |
SafetyOperatorAckNecessary |
Boolean |
0x0 / 0x1Default 1 |
0x1 |
This parameter controls whether an operator acknowledgment (OA) is necessary in case of errors of type “unacceptable delay” or “loss”, or when the SafetyProvider has activated FSV (ActivateFSV). 1: FSV are provided at the output SafetyData of the SAPI until OA. 0: PV are provided at SafetyData of the SAPI as soon as the communication is free of errors. In case of ActivateFSV the values change from FSV to PV as soon as ActivateFSV returns to “0”.
Note: This parameter does not have an influence on the behavior of the SafetyConsumer following the detection of other types of communication errors, such as data corruption. For these types of errors, OA is mandatory, see Clause 7.4.2. |
SafetyErrorIntervalLimit
|
UInt16 |
6, 60, 600 |
600 |
Value in minutes. The parameter SafetyErrorIntervalLimit determines the minimum distance two consecutive communication errors must have for not triggering a switch to FSV in the SafetyConsumer. It affects the availability and the PFH of this OPC UA Safety link, see Clause 7.4.2 and Clause 11.4. |
SafetyProviderLevel
|
Byte |
0x01 - 0x04 |
0x1 |
SafetyConsumer’s expectation on the maximal SIL the SafetyProvider implementation (hardware & software) is capable of. See Clause 7.3.3, Clause 8.1.3.3, and Figure 11. |
NOTE: the engineering system can use the initial value to set a parameter to a safe value.