The datalayer permissions allow full access to the datalayer, without reglementations. These includes all nodes from ethercat, plc or scheduler. Since the functionality of these apps is realized using datalayer. It means you can change all settings, including deletion of master instances. If you want to create a user accounts with restricted access to the datalayer, you can define restricted permission scopes, see: https://docs.automation.boschrexroth.com/doc/2276122339/einfuehrung-und-uebersicht/latest/de/?searchString=datalayer%2Fsecurity%2Fscopes This allows you to limit the access to certain nodes in the datalayer. Be aware that certain functions, e.g. configuring axes, not only requires permissions under motion/** but also on fieldbusses/** and others.
... View more