In this respect, user groups having access to different levels can also be formed. Only the respective lowest level to which a user or a user group has access can in particular be indicated in the access control matrix.

The individual users can each be identified via a certificate or via their respective public and private keys.

The access control matrix can preferably communicate with the different levels by means of interprocess communication. In this respect, the DBus known from Linux can be used, for example. The embedded device can preferably use Linux as the operating system for this purpose or can be set up on a Linux-based operating system.

The invention furthermore comprises an embedded device, in particular a programmable logic controller, having a data interface, a processing device, and a memory device. The embedded device is characterized in that the processing device is configured to associate functional blocks of the embedded device with levels disposed hierarchically above one another; and to carry out an authentication on access to a functional block of the embedded device from outside by means of the data interface for the level with which the functional block is associated and again for every single level disposed above the level associated with the functional block before an execution of a function of the functional block is permitted, with the functions of the functional blocks permitting access to firmware of the embedded device and in particular also permitting access to an application program executed on the embedded device.

The firmware and the software of the embedded device can be stored in the memory device, with both firmware and software being executed by the processing device.