I want to have a guest user for my project, where they can monitor everything normally but they are locked out of controlling (basically modifying any tag values). I know there are a few different ways of doing this in Ignition, but they all seem to have issues.
-
Going to each ‘root Container’ and unchecking ‘Inherit Permissions’, and setting the exempt roles for Disable Events accordingly (so that users can open the window, but not edit anything). The main issue with this approach is that it sets everything to “Disabled” which makes very light (which on that point – is there a way to prevent this? It seems like I would almost never want to use the default component security settings if I cannot change this functionality).
-
Setting the client to read-only (through setConnectionMode) when the guest account is logged in (or when the current user does not have the basic ‘operator’ role). This worked much better since everything looks the same, however the issue here is that I get a message with the tag name and read-only mode that is a bit obtuse to the operators (is there a way to replace this with a generic “please login” message?).
-
The other approach is to set custom access rights for each tag. I’m inclined to go with this approach (though it still has the issue with the obtuse read-only error message), since it gives me the flexibility to assign permissions to roles without dealing with the “Enabled” setting changing the appearance of components. But it doesn’t feel like the correct way to configure the “guest” account, at least it’s not very obvious.
I’m just wondering if there’s something I’m missing in terms of the “right way” to do this, or if not, if there are workarounds for my issues with the listed approaches.