Is there any way to determine the current Security Zone from a tag or script?
I want to enable/disable buttons based on Security Zone.
It seems like this should be a client tag.
I have the same question. I don’t see a reply to this post. Did you figure out a method? If not, please vote for my feedback on this topic at
http://ideas.inductiveautomation.com/forums/255378-ignition-features-and-ideas/suggestions/19629994-security-zone-client-tag
1 Like
Good news! In Ignition 7.9.4, the security zones for the client will be combined with the user’s roles, so that you can use the standard vision security settings for both roles and zones.
For example, let’s say you logged in a user with Roles R1 and R2, who was in Zone Z1. They would end up with the following roles:
R1
R1@Z1
R2
R2@Z1
3 Likes
we need a 2-thumbs-up icon for this feature.
1 Like
Was this feature implemented in 7.9.4 and how do we access it? We have not been able to find it.
Yeah, it’s in there, but only for the new client security settings added in 7.9.4 (Project Properties / Client / Permissions) We still need to backport the concept into the component security settings.
Any developments on this? I was hoping to use Security Zones for a project with strict requirements for inactivity timeout that is based on security zone
Soo.. I hate to revive an old post, but I'm still not seeing this working in 8.1.0?
I have a security zone defined and the PC i'm running my Designer on (the gateway) should have this zone, but when I look at the tag [System]Client/User/RolesString I see no mention of the security zone I only see the roles themselves that they're been assigned. When I try to use hasRole('Maintenance@Gateway') where "Gateway" is my test security zone, I also get a false.
As with others here, I want to use the security zones in order to lock functionality out on particular screens if they're not part of a zone, but at the moment I don't see this as being possible (without maybe configuring this security on the tags themselves, but I then there's no indication on the screens as to why they can't write and buttons are still enabled)
Ah, I just had an issue where specifying role@zone in Project Properties > Vision > Permissions > Alarm Management wouldn’t work. I couldn’t acknowledge alarms. Weird because the autocomplete suggestions listed role@zone roles as well. In my case, the only zone is Default.
Executing system.security.getRoles() within the Vision context only shows roles without the zone suffix.
Edit: I’m on 8.1.15
Edit 2: Could it be related to the auth strategy?
