Why does the “Required Client Roles” under Designer Project Properties require the person logged into the designer to be a member of the role you specify for the client?
By doing this I can’t use a separate authentication for the designer versus the project.
weertske
This is true. but you can get around the problem by temporally assigning the developer one of the client roles, once the “Required Client Roles” are set you can revert back and all will be fine.
Operator and Supervisor perhaps 
I had thought of that but I found the limitation so cumbersome that I wrote a login script that automatically logs you out if you are not a member of the allowed roles.
yes 
Even though I came up with an alternate solution to my problem, that doesn’t change the issue that “Required Client Roles” is pretty limited for a large operation.
Like many Ignition Integrators, I am a contractor. I may or may not exist within my customers’ LDAP based security system but they will want Client security to be handled through LDAP. The easiest way to handle this is to handle Designer security through default (Internal) and client security through Active Directory. This immediately breaks “Required Client Roles” since the Designer user must be a member of the Client.
Secondly, for the case where both Designer and Client security is handled though LDAP, the inability to use boolean ‘OR’ in the roles means that you have to make all Client users the member of a singular group in addition to the groups that dictate their role in the project. If you have ever worked with a large corporate IT group, they don’t always cooperate when you need another group populated with all the members you want to have login for a particular process.
This is just a bug. It should not work like this, “Required Client Roles” should only apply to logging into the client.
I am glad that it is a bug as it didn’t make sense. Any idea when this will be fixed.
[quote=“weertske”]Any idea when this will be fixed.[/quote]Slated for 7.7.6