6.3.4.4 SPI of the SafetyConsumer

[RQ6.15a] Each SafetyConsumer shall implement the parameters and constants [RQ6.15b] as shown in Table 26. The parameters (R/W in column “Access”) can be set via the SPI, whereas the constants (R in column “Access”) are read-only. The mechanisms for setting these parameters are vendor-specific. An attempt to set a parameter to a value outside its range, or to set a read-only parameter, shall not become effective, and a diagnostic message should be shown when appropriate. The SPI of the SafetyConsumer represents the parameters of the safety communication layer management of the SafetyConsumer. The values of the constants depend on the way the SafetyConsumer is implemented. They never change and are therefore not writable via any of the interfaces.

Table 26 – SPI of the SafetyConsumer
Identifier | Type | Valid range | Initial value (before configuration) | Access | Note

SafetyProviderIDConfigured | UInt32 | 0x0 to 0xFFFFFFFF | 0x0 | R/W

The default SafetyProviderID of the SafetyProvider this SafetyConsumer uses to make a connection, see Figure 8 and 3.1.2.15.

For dynamic systems, the safety application program can overwrite this ID by providing a non-zero value at the input SafetyProviderID of the SafetyConsumer’s SAPI. This runtime value can be queried using the SafetyProviderIDActive parameter. See 6.2.2.6 for details on configured and active values.

SafetyBaseIDConfigured | Guid | Any value which can be represented with sixteen octets. | All sixteen octets are 0x0 | R/W

The default SafetyBaseID of the SafetyProvider this SafetyConsumer uses to make a connection, see 3.1.2.14.

For dynamic systems, the safety application program can overwrite this ID by providing a non-zero value at the input SafetyBaseID of the SafetyConsumer’s SAPI. This runtime value can be queried using the SafetyBaseIDActive parameter. See 6.2.2.6 for details on configured and active values.

See 9.1.1 for more information on GUID.

SafetyConsumerIDConfigured | UInt32 | 0x0 to 0xFFFFFFFF | 0x0 | R/W

SafetyConsumerID of the SafetyConsumer, see 9.1.2.

For dynamic systems, the safety application program can overwrite this ID by providing a non-zero value at the input SafetyConsumerID of the SafetyConsumer’s SAPI. This runtime value can be queried using the SafetyConsumerIDActive parameter. See 6.2.2.6 for details on configured and active values.

SafetyProviderLevel | Byte | 0x01 to 0x04 | 0x04 | R/W

SafetyConsumer’s expectation on the SIL the SafetyProvider implementation (hardware and software) is capable of. See 3.1, 7.2.3.4, and Figure 9.

SafetyStructureSignature | UInt32 | 0x0 to 0xFFFFFFFF | 0x0 | R/W

Signature over the SafetyData structure, see 7.2.3.5.

SafetyStructureSignatureVersion | UInt16 | 0x1 | 0x1 | R/W

Version used to calculate SafetyStructureSignature, see 7.2.3.5.

For the SafetyConsumer, this parameter is optional.

SafetyStructureIdentifier | String | | “” | R/W

Identifier describing the DataType of the SafetyData, see 7.2.3.5.

For the SafetyConsumer, this parameter is optional.

SafetyConsumerTimeout | UInt32 | 0x0 to 0xFFFFFFFF | 0x0 | R/W

Watchdog-time in microseconds (µs).

Whenever the SafetyConsumer sends a request to a SafetyProvider, its watchdog timer is set to this value. The expiration of this timer prior to receiving an error-free reply by the SafetyProvider indicates an unacceptable delay.

See 8.1.

SafetyOperatorAckNecessary | Boolean | 0x0 or 0x1 | 0x1 | R/W

This parameter controls whether an operator acknowledgment (OA) is necessary in case of errors of type “unacceptable delay” or “loss”, or when the SafetyProvider has activated FSV (ActivateFSV).
1: FSV are provided at the output SafetyData of the SAPI until OA.
0: PV are provided at SafetyData of the SAPI as soon as the communication is free of errors. In case of ActivateFSV the values change from FSV to PV as soon as ActivateFSV returns to “0”.

NOTE This parameter does not have an influence on the behaviour of the SafetyConsumer following the detection of other types of communication errors, such as data corruption or an error detected by the SPDU_ID. For these types of errors, OA is mandatory, see 6.3.4.3.

SafetyErrorIntervalLimit | UInt16 | 6, 60, 600 | 600 | R/W

Value in minutes.

The parameter SafetyErrorIntervalLimit determines the minimal time interval between two consecutive communication errors so that they do not trigger a switch to FSV in the SafetyConsumer, see 6.3.4.3.

It affects the availability and either the PFH or PFDavg, or both, of the safety communication link according to this document, see 9.4.

SafetyClientImplemented | Boolean | 0x0 or 0x1 | n.a. | R

This read-only parameter indicates whether the SafetyConsumer has implemented the client part of OPC UA Client/Server communication (see 5.4):

1: Client for OPC UA Client/Server communication is implemented.

0: Client for OPC UA Client/Server communication is not implemented.

The corresponding Facet is SafetyConsumerClient.

SafetyPubSubImplemented | Boolean | 0x0 or 0x1 | n.a. | R

This read-only parameter indicates whether the SafetyConsumer has implemented the necessary publishers and subscribers for OPC UA PubSub communication (see 5.4):

1: OPC UA PubSub communication is implemented.

0: OPC UA PubSub communication is not implemented.

The corresponding Facets are SafetyConsumerPubSub and SafetyConsumerPubSubMapper.
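
The following is an added example, not part of the specification or of any vendor's implementation. It sketches how a configuration interface could enforce the write rules of this clause for the integer and Boolean rows of Table 26: writes outside the valid range or to a read-only constant do not take effect and produce a diagnostic message. The names `ConsumerSPI`, `Param`, `set`, `get` and `active_id` are hypothetical, the Guid and String rows are omitted, and the fallback to the configured ID when the SAPI input is zero is an assumption based on the notes above (the details are in 6.2.2.6).

```python
from dataclasses import dataclass
from typing import Callable

def u32(v): return 0 <= v <= 0xFFFFFFFF
def boolean(v): return v in (0, 1)

@dataclass
class Param:
    valid: Callable[[int], bool]   # "Valid range" column
    value: int                     # "Initial value" column
    writable: bool = True          # "Access" column: R/W (True) or R (False)

class ConsumerSPI:
    """Hypothetical store for the integer and Boolean rows of Table 26."""
    def __init__(self):
        self.diagnostics = []      # diagnostic messages for rejected writes
        self.params = {
            "SafetyProviderIDConfigured": Param(u32, 0x0),
            "SafetyConsumerIDConfigured": Param(u32, 0x0),
            "SafetyProviderLevel": Param(lambda v: 0x01 <= v <= 0x04, 0x04),
            "SafetyStructureSignature": Param(u32, 0x0),
            "SafetyConsumerTimeout": Param(u32, 0x0),
            "SafetyOperatorAckNecessary": Param(boolean, 0x1),
            "SafetyErrorIntervalLimit": Param(lambda v: v in (6, 60, 600), 600),
            # Constant; its value is implementation-dependent, 1 is assumed here.
            "SafetyClientImplemented": Param(boolean, 1, writable=False),
        }

    def set(self, name, value):
        """Apply a write only if it is allowed; otherwise keep the old value."""
        p = self.params.get(name)
        if p is None:
            reason = "unknown parameter"
        elif not p.writable:
            reason = "read-only"
        elif not isinstance(value, int) or not p.valid(value):
            reason = "outside valid range"
        else:
            p.value = value
            return True
        self.diagnostics.append(f"{name}: write of {value!r} rejected ({reason})")
        return False

    def get(self, name):
        return self.params[name].value

    def active_id(self, base, sapi_input):
        """Assumed rule: a non-zero SAPI input overrides <base>Configured."""
        return sapi_input if sapi_input != 0 else self.get(base + "Configured")
```

Note that `SafetyErrorIntervalLimit` accepts only the three listed values, so a range check on the UInt16 type alone would wrongly admit values such as 30.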