Limit the projects that can be seen on the Vision Launcher

Is there a way to limit the projects that can be seen on the Vision Client Launcher?

If you set a project to “disabled” then it should not show in the Vision Client Launcher, though it will still show as an editable project in the Designer. Please note that disabling a project will result in the project not being runnable.

Setting a project to “inheritable” should have the same effect.

We have many projects on the specific gateway where we have some individuals that only need access to one whereas other needs access to several. It would be preferred if you could have the launcher show projects for specific groups of people (i.e. roles/groups) since the old way with 7.9 web browser launcher it allowed to have a specific icon that just started the project that would pertain to them.

@john.schlottke

Locking down which projects are visible by user is not feasible at this time (make your case on the ideas forum if you feel adamant about it, but the tech hurdles are quite high) However, you can lock the launchers configuration once you have configured it. If you edit the config json for the launcher (designer-launcher.json for the designer, vision-client-launcher.json for the vision client launcher in .ignition/clientlauncher-data) there is a flag in the global object called "lock.configuration". if you set that to true it limits the modification of the launcher

Hope that helps,
Jonathan C

Thanks for the information

Are u able to augment these files such that only specific projects show up in the vision client launcher or is this just for locking down the gateway info?

I see this global lock.configuration but don’t know where this should be chnaged (i.e. on gateway) since if we chnage it on local PC and import it it doesn’t work. Really trying to limit users going to settings tab and adding application/projects they should not have access too

Can someone help me understand on how to deliver the client launcher with a locked down view such that they can’t go into settings and only see one project. I am really looking to understand the process before I can roll this out to my user base.

The key word is "can't". Locking and obfuscation are possible but easily subverted by any power user. This is not new to v8 -- it has always been true of Ignition. Security can only really be enforced at the point of login.

1 Like

What’s the point of being able to set the "lock.configuration": true if anyone can go and edit this parameter??

lock configuration prevents the user from doing any edits to the launcher in the launcher UI. this includes adding projects, setting the launcher settings, modifying the configurations of each launch-able project etc. The user can definitely go into the file system and change this field to true and be able to change anything they like. This is a field for your general user, not a power user. This is where properly configured User Roles can be your friend to limit users’ access to a specific project.

Not sure why you even have this locakble setting if anyone can go ahead and edit there own file to make chnages etc… It would of made more sense if as an adminstrator that you could set which projects are viewable and lock settings in order to be able to release client launchers that are setup and no one can mess with. I completely agree with user roles and accounts but the point here is to ensure they cannot even get to settings and see projects that don’t pertain to them.

You just hand-waved away every thing that makes it complex. Who's an administrator? How is that determined? Where is the config stored? What mechanism makes it so the user can't edit it?

Nevermind the fact that anybody can get a list of all projects using the same URL the launcher does to list them, and anybody can run the same command the launcher does to launch a client or designer pointing at whatever project they want from that list.