Hi there,
I would like to create an option where if a supporting tech is working with main user logged in to the session, then we also record their information to make sure that accountability is to both techs working.
since perspective allows only 1 user log in per session. What is the possible way to achieve this?
Please advise.
Thanks
The same session of what?
Are both logged into the gateway via the web interface?
Or are both running a Perspective client application in browsers on their own PCs?
I am talking practically if 2 operators are required to perform a task, and if only one can log in, how do record the other user? to make sure his name is also recorded with the task being performed.
Whatever you do is going to, effectively, require them to log one user out and log the other in. This would be relatively painless with an RFID badge reader system and a very short auto-logout delay. They could navigate all they want without login but anytime a setpoint is to be changed a login is required.
which will not serve the purpose. @pturmel @Kevin.Herron , any thoughts ?
Well, please describe how you think it could work? How will the computer / application know who is in control?
may be some custom property of the session keeps record.
But keeps a record of what? The users have to do something to identify themselves or else Perspective has to have facial recognition cameras or calculate their finger size on a touch screen. What are you proposing?
Perspective's entire authentication/authorization model is strictly tied to one user being active on a given session at a time.
What you're asking for is fundamentally counter to that philosophy, and basically impossible to do properly unless we did it first party - which, frankly, we're not going to, because you're the first person I've ever seen ask for it.
Seems you may be able to use system.security.validateUser to check if a user is valid and if so, fake log them in (keep track of their user ID locally until "logged out"). Or just open an incognito tab so the second user can log in as a separate session, but that would be more work to correlate to the main session.
Doesn't work in Perspective/IdP context.
The docs might need to be updated if that's the case:
I was about to test it out to see if it would actually work, so I'll provide an update shortly.
EDIT: set up a quick test and it at least appears to work:
This was tested on 8.1.27.
nice! so I can record their username then to a custom property.
and set to null if they decided to log out! thanks
Keep in mind that you have to put in a user source for the third argument, an Identity Provider won't work (as Paul stated).
what is a user source?
See here:
https://docs.inductiveautomation.com/display/DOC81/Classic+Authentication+Strategy
If you have anything but an Ignition IdP (which links up to a User Source internally) you may not be able to use this approach.
what is a user source?
Riddhish, are you aware that Ignition has authentication and security built in? The user doesn't have to log out of the OS - just logout of the Perspective application.
