Currently all projects are in the cloud gateway.
If the client wants their engineer to be able to access one particular project, is it possible to create the required user role/limit in Ignition?
- The client account can open the Ignition Designer.
- The client can choose to open only the specified project in the project list. It's OK that they can see all projects.
- The client can view/edit the Perspective views of the project. Ideally we don't want them to be able to view the shared resources, like tags and scripts.
- If we cannot hide the shared resources, is the audit log able to track who made changes to the tags and scripts, and when?
I would look up the security zones and security levels. You could define each of these resources to these zones/levels and assign the client's user to those levels as appropriate.
You can set roles in a project for designer access. But once in the designer, there are no limits. Also, a user with any knowledge of the platform can create and use gateway message handlers that subvert the entire system. The designer restriction is therefore a guardrail, not a hard security limit.
Don't give designer access to untrusted individuals.
Also note: Ignition explicitly does not support multi-tenant operations. It isn't forbidden, but it is not a design criterion for the platform and some things are utterly inappropriate.
4 Likes
Thanks.
It looks like I will have to say no to the client's similar request.