Prevent a user from editing a project

Hi All,

This is the situation:
I have Ignition installed on a Server and 7 clients.
There are 2 companies that can access the gateway.
How can I prevent the users of the other company from editing my projects?

Cheers,

Use role-based permissions. docs

Thanks for the tip :), this is helpful, but I am still somewhat perplexed.
I can block other users with different roles than mine, but I must leave the other company access to the “Gateway Settings”, since they have to create OPC connections, create PLC devices, etc., so they can easily go to “Gateway Settings” and change all options back to default, or even create a user with the proper roles to edit, save, and delete resources in my projects.
The other solution I thought of is to use a DB as “System User Source” and delete all the current users/roles from the default one, but there is still one issue… they can go to “Tools - Database Query Browser” and view my users/roles table.
Also, is it possible to restore the user access to default?

At some point on a shared resource, there is either trust or there isn’t. If it’s really an issue then they should have their own server instance.

You mean another gateway with another license?

Yes. You could limit the number of admins on a single server to 2 (you and one admin for the other company), but you still have to trust the other guy. If you can’t, then the only way to isolate them is to put them on their own server.

This is true of any shared resource, not just Ignition.

What if I use a DB as “System User Source” and then hash the password? Will this work?

If you give them gateway administrator permissions for the web interface, there is no way to prevent their access out of bounds. It’s exactly like giving admin privileges on a domain – that user can do anything they want. Trust them or set up another server. Period.

Ok, thanks to all for the help :)

It’s also worth keeping in mind that any user that can use the designer to write and execute gateway scripts can invoke Module SDK APIs to enumerate the entire gateway. Ignition’s role-based access controls are really just speed bumps if one has designer access. If your customers have any legal obligations to secure their data, you certainly need to put them on their own server.
