Designer Comm Read/Write Disable Based on Role

I was wondering if it’s possible to limit the ability to turn on the Comm Read/Write in the Designer based on the role of the logged in user. I know you can have the Designer launch in Read Only, but it doesn’t seem like there’s any way to prevent someone from turning it to Read/Write. The worry is that if we were to have one of our interns or more inexperienced engineers work on graphics, they could inadvertently turn the mode to read/write and write down to the PLC’s on the floor. I was looking for a way to make this a Protected Resource, but it didn’t seem like that was an option. Any help would be appreciated.

I may be wrong, but I don’t think that ability exists.

You have the ability to lock down the designer to specific rules under the Gateway Settings but once you’re in the Designer, aside from the Project Permissions (publish, view, save, delete, and protect resources) there doesn’t seem to be the feature you’re looking for.

That said, you might be able to do it by using Security Zones and setting the security policy for tags in that zone to read only? In theory, if the person accessing the gateway is using an IP that you’ve locked down, they shouldn’t be able to write. I’ve never done that before so please don’t take my word for it; I have a suspicion that once you’re in the designer, you can read/write to tags without restriction.

Thanks for the feedback. What you mentioned does actually work. On the tag itself, I set one role to read only and another role to read/write and it worked as expected. This would require every tag to be setup like this, which isn’t the end of the world. Thanks again for the response.

Ah great, you’re right though, it would be great to have a global setting so we don’t have to set up every tag like that.