Enable or Disable Auto-Login according to OSUsername

We have an application running on a production line which we want to auto-login. But the same application is also avaliable for supervisers on their desktop pc. All the controls in the application are Enabled according to hasRole(“Operator”) but since the application is set to auto-login, all the other peoples has acces to the controls. We would like to enable the auto-login, only for the Production line operators using the OSUsername system tag. How should we proceed to acheive that?

Using an Active Directory user source we’ve used Enable SSO Login (bottom of picture). Rolls are handled in Active Directory Groups. Rolls that should be allowed to launch the project are put in the Required Client Rolls (Project Properties → General → Required Client Rolls). Our production stations automatically log in because their user is a member of one of these rolls. Desktop users who are authorized are automatically logged in because they are part of a different, but still authorized roll. Everyone else is directed to the login screen where they have the opportunity to supply credentials for an authorized account.

You could also, using a client startup script, look at the hostname, and if it is not in the approved list, logs out the user using system.security.logout().

Thats what i’ve been trying to do for last hour.
How can i read the [System]Client/User/OSUsername in the startup script? every thing i’ve tried didn’t worked

user = system.tag.readBlocking(['[system]Client/User/OSUsername'])[0].value
1 Like

Traceback (most recent call last):

File “”, line 1, in

AttributeError: ‘com.inductiveautomation.ignition.common.script.Imm’ object has no attribute ‘readBlocking’

We are using Ignition designer 7.9

Important information:

user = system.tag.read('[system]Client/User/OSUsername').value

It worked… i did try this but i guess i had syntaxe error


OK here is what i finally did:
Client Startup Script:
winuser = system.tag.read(’[system]Client/User/OSUsername’).value
if winuser == ‘operator’ :

That did exactly what i wanted
If the OSUser is not correct, the client fall in read only mode.

Thanks for your help