After connecting a local UAExpert to an SBX Ignition environment, The clients have read access to these two system tag folders/providers:
Is there a way to hide these two folders/providers from connected clients? Obviously, you can hide the read access from the created tag provided, but these two default system tags seem to have an option for that.
Using Ignition 8.1.38 (Linux)
No, Exposed Tags is pretty much all or nothing right now.
In 8.3 we've added role-based access controls and the ability to hide/show things at the provider level, but even then your system tags would still be accessible if the provider was accessible to that user.
So, we can't hide either the system or server tag folders in the current Ignition versions? even if we want to just disable it for all users?
When referring to 8.3, which Ignition version is that? Is that separate from the 8.1 updates?
You can disable the Exposed Tags feature, which removes the entire Tag Providers folder. No further granularity. The Server object is a standard OPC UA object that is present in every server. Its visibility will never be modifiable.
8.3 is the next major release of Ignition and is currently under development. It won't be available until early next year.
The System and Server both only read access by default, correct?
By default and there's no possibility to configure it otherwise.
edit: there might actually be one writable tag inside the Server hierarchy somewhere, to enable and disable the OPC UA diagnostics within the server.
Would love to know more about that tag if it exists.
I also found this in the Service Security under the Security tab:
Could it be used to disable the system tag folder?
No, none of that configuration is relevant to the OPC UA server.
Is there any confirmation on the writeable tag that could disable the OPC UA diagnostics?
