We develop and deploy Ignition projects for our clients. After the project is deployed at the client's site, we would like to prevent unauthorized modifications to the project.
What is the recommended way to lock or secure an Ignition project so that:
Operators can use the application normally.
Client users cannot open the Designer and modify project resources.
Project source code, scripts, and configurations remain protected.
Only our team can make future changes and updates.
Are there any best practices regarding:
Designer access restrictions
User roles and permissions
Gateway security settings
Project inheritance/protected projects
Backup and restore protection
Licensing considerations
We are looking for the best approach when deploying projects to customer sites.
The best approach is not to lock the project down, the customer paid for it, the customer needs it and if you lock them out you're disadvantaging them. Get them to pay you for the IP you are developing, grant them a perpetual license to that IP, explain that any warranty is void if they modify it, and let them develop their own solutions on the servers alongside yours. Get them to pay you for support when they need help working with it.
I have many times unlocked servers of all types where customers have paid for the development time and IP and the integrator has tried to lock them out to extract more money or lock themselves in as exclusive. It guaranteed the integrator was on a blacklist permanently from that point onward.
In general, the most protection you can get is to make a 3rd party module with the SDK to encapsulate the most critical functionality as scripting or expression functions or custom UI components.
You SHOULD restrict access to only authorized users. A user account or group (within chosen IdP) should be created for administrative access to the system.
This should be at the direction of your customer. They should ultimately have the keys to manage access, including the ability to restrict / remove your access.