I need some advice on securing a parent project. My company is hiring venders to build custom equipment for us. I am providing them with a parent and child project for their development. I thought the parent project was secure, requiring a specific role for the user as well as blocking overrides so they cannot open and look at the IP. Well one of our vendors found a way around it. Essentially, they created a new project and imported both the parent and child projects into it. By doing this they could see everything that was "protected".
My question is, is there a way to stop this from happening in the future? The parent project is to be used with many different projects and if one vendor changes it, their project might be broken.
If I were tasked with development using resources provided to me, I'd likely need to have access to those resources to ensure proper integration. If there are other aspects of the parent project which are 'proprietary', If might be best to strip those resources out before handing over the remainder of resources.
Would it be an option to host a development gateway, which contains only the resources they should have access to?
No. Designer role requirements are guard rails. Anyone to whom you grant actual designer access will be capable of total control/subversion of your gateway.
If you cannot trust your hired help, you will need to make them develop in their own environment, where you give them just a skeleton to work with.
Its not a matter of trust, there are plenty of NDAs in place, plus they will not have access to our gateway. For their development they receive the parent project and the child project, and they are supposed to develop on their own gateway, in the child project. I do not want them to be able to change any of the templates I am providing. When I go and integrate their work into our system, I will be using my master copy of the parent project.
Ignition does not offer the security controls you seek. Full stop.
Anyone with designer access to a gateway can run arbitrary code in gateway scope.
If you limit what you import into your own environment, and its functionality there is the test for payment, I don't see the problem.