Designer/Tag Security - Second Instance?

Here’s my scenario:

I have a tag database with our SCADA-like systems in it. I’m kicking around using Ignition to drive some digital signage that would be edited by other people. I’d like to ensure they don’t screw with my tag database. I don’t have a problem if they can see it, I just don’t want to move anything or change the properties.

I know that once you are in designer, you have full access to edit any project and tag database that is configured on the system. I’m not as concerned with them changing the other project - just the tag database.

Can I create a second “instance” that runs on different port numbers? I do need read access to my sql tag database from this second instance - can this be done by setting up a Database Provider in another instance?

Anyone?

Why not just create DB tags, and create a “designer” client project to edit those tag strings?

Hi,

Sorry for the lack of reply. I saw this when you first posted, and wanted to see what I could think of, but failed to get back to it.

So, you want them to be able to edit the windows shown on the display, but not the tags, correct? Or are you simply trying to edit some of the tag values, but not the tags themselves? In this latter case something like Kyle said would be good, but in the first case, I’m not sure there is currently a good answer. The first thing that comes to mind is that perhaps we could add an option to limit tag editing to certain roles, so that you could create a login that was allowed in the designer, but not allowed to modify the configuration of tags. Would this be sufficient?

Regards,

Does it make sense to implement a tag level design security structure as opposed to a larger developer/designer permission structure? I'm referring to design control permissions for: projects, windows, transaction groups and other such objects in addition to tags. To me it doesn't make sense to just do tags, unless that is somehow more significant than the others and/or much more natural to implement.

Feature request created :slight_smile:

Yes, I really like the idea.
+1 for feature request !

I’m potentially facing a similar issue as the OP. Multiple project owners: 1 gateway.

I’d love to see role-based security for projects, tag providers, db connections, opc servers, etc.

Thanks,

Dan

1 Like

I know this is an old topic, but did anything ever happen with Nathan's suggestion that Ignition have a developer/designer permission structure? I have vendors that need access to their project on my Gateway and I am adverse to giving them access to the other projects.

[quote="nathan"]Does it make sense to implement a tag level design security structure as opposed to a larger developer/designer permission structure? I'm referring to design control permissions for: projects, windows, transaction groups and other such objects in addition to tags. To me it doesn't make sense to just do tags, unless that is somehow more significant than the others and/or much more natural to implement.

There have been additions made to the security of the designer. You can find additional permissions settings in Project Properties. Additionally, tags providers can require certain roles as well. This is configured in the Ignition Gateway by editing the tag provider you would like to associate with a role.

1 Like