Perspective: Error using hasRole(...) with only 1 argument

Yep. The benefit also to using a forward-thinking company’s software :wink:
Every other SCADA package that I (try not to) use is still using forum software from what feels like the 1800’s

3 Likes

In my case, I have found that referring to the IdP does not work:
hasRole(“SupervisorRole”, {session.props.auth.user.userName}, {session.props.auth.idp})

But specifying my user source by name does mostly work:
hasRole(“SupervisorRole”, {session.props.auth.user.userName}, “TestUsers”)

I say mostly because the hasRole expression only works if the user who is logged in exists in the specified user source. This is a problem if the specified user source is configured for soft failover.

For example, I have two user sources defined - default and TestUsers. My project is configured to use TestUsers*. The user admin only exists in the default user source. TestUsers is configured for soft failover to default, so I can login as admin.

When I run the Perspective session, if I login as admin (who has the SupervisorRole) the hasRole expression does not work. It reports that user admin not found in user source TestUsers.

  • As a side note, I find specifying the user source for the project confusing. It’s shown in three different places and for someone coming from Vision it’s not initially clear that only one applies to Perspective.
  1. Gateway, Config, Projects, my project, Edit, Connections, User Source. I think this only applies to Vision.
  2. Designer, Project, Project Properties, Project General, Security Settings, User Source. I think this is the same as above and so only applies to Vision.
  3. Gateway, Config, Identity Providers, my provider, Settings, User Source. I think this applies to Perspective.
1 Like

I'd suggest this be counted as a bug since actual behavior does not match documented behavior (when using hasRole in Perspective). I actually submitted a bug report before finding this forum thread.

I switched from:
hasRole("Administrator")
to:
isAuthorized(true, 'Authenticated/Roles/Administrator')

Ignition v8.1.39

[Update] I see it is pointed out in the documentation, easy to miss though...

The username and usersource parameters are optional in the client scope, but required in the Gateway scope.

This is the solution I've been using for a long time now, too many forum posts to remember to update them all haha, so thanks