Hi Everyone,
I've been working on setting up security settings similar to what PlantPAx uses (not exactly the same, but along the same lines).
My goal is to define multiple roles, such as:
- HMI_Operators (A)
- HMI_Operating Supervisor (B)
- HMI_Maintenance (C)
- HMI_Maintenance Supervisor (D)
- HMI_Engineering (E)
...and so on.
In addition to these, I want to create a custom role (or security tag) — for example, AlarmAck — that includes roles C, D, and E (i.e., HMI_Maintenance, HMI_Maintenance Supervisor, and HMI_Engineering).
The idea is to simplify HMI authorization logic. So instead of writing something like:
isAuthorized(true, "Authenticated/Roles/HMI_Maintenance",
"Authenticated/Roles/HMI_Maintenance_Supervisor",
"Authenticated/Roles/HMI_Engineering")
…I would like to just use:
isAuthorized(true, "Authenticated/AlarmAck")
To do this, I tried creating a custom security level called AlarmAck and added security level rules with the following expression:
However, when I test isAuthorized(true, "Authenticated/AlarmAck"), it always returns false, indicating that I don’t have the required access.
Am I doing something wrong in how I'm setting up the security level rules?
Is there a better or easier way to implement this type of role grouping in Ignition?
Thanks in advance!