Hello,
I was wondering if there is any option for restricting access to ignition designer projects / gateway in some way. We often come across junior developers or auditors who need to be able to view the code/overall project structure but not make changes in the project / gateway. Giving them admin credentials doesn't feel secure especially for projects deployed in production.
Any approach for handling this situation is welcome.
Thanks
No, not really.
Spin up an isolated test environment, dump the latest gateway backup into it, and let them explore. (Do make sure the environment is truly isolated from production devices and databases, though.)
Fundamentally, there's no way to give someone access to the capabilities of project resources in the designer that isn't equivalent to "full code execution with whatever privileges the gateway has" - so if you don't trust people with that access to your production gateway, don't give them access to the designer.
It's definitely an area ripe for improvement in future versions of Ignition, though.
Yep, restricting access sounds easy... but there are many particularities in large organizations... it's not black and white.
Students who want to learn, auditors who evaluate your systems, developers who only work on a specific project, people who only design interfaces, consultants who investigate our systems for finding bugs...
Nowadays everyone has access to everything; they can modify anything, access private database credentials, delete projects, modify roles and users, etc.
It is a compromised situation in large companies, where the complexity, dimension and, therefore, associated risk is generally higher.
With two clicks, an inexperienced trainee can stop a plant and with three clicks delete the entire project.
Yes, but it's hard not to blame the process that allowed an inexperienced trainee to access a live production system instead of an offline development system.