Restrict a device's access to Perspective projects

Hi all,

Using Perspective, Ignition 8.1

We have a project to add a pre-startup checklist to a few machines on our production lines. I have built out the checklist, and am 100% happy with it in its current state. These are going to be displayed on some iPads which will be locked to just the perspective app.

The question of this thread is: Is there a way to, restrict which projects a device can access, without requiring a login? As it stands, any of the iPads can load any perspective project (some of which are password protected), but this is undesirable. Any means of restricting based on MAC address (or IMEI, or some secret code word, or anything else), such that it can all be done automatically, would be great.

Thanks in advance!

Take a look at Security Zones.
https://docs.inductiveautomation.com/display/DOC81/Security+Zones

1 Like

This does seem to be the ticket! I’ve created a Security Zone for each of my iPads, which use the
hostname to identify. I’m struggling to figure out how to set the Security Zone to apply for my projects - I’ve added it to the session props for one project and it doesn’t seem to work. I’m probably missing something, but I will keep trying! Further advice would be appreciated!

I’m also a little bit confused as to exactly which policy settings would prevent a perspective client from launching a project entirely.

image

Update, I have figured it out. In designer, Project > Project Properties > Perspective > Permissions.

One last issue I’m having is that it is not working with the host name, only when I put in an IP. This is an iPad bear in mind, so the “hostname” doesn’t technically exist, but is rather called a “client ID”, unless I am missing something.

Edit: just tested using the hostname of my PC and it doesn’t seem to work with that either (unless the hostname is something other than what is given by cmd hostname

Perspective can only use a hostname if your DNS system can do reverse lookups on the IP addresses of your clients.

{ Prepare to be disappointed at Perspective’s lack of ability to definitively and reliably identify client machines. The “deviceID” is the closest you’ll get, and only in the app or workstation. }

It seems like IP will have to do then, I’ll just have to reserve some IPs and set them statically in the iPads. Not a big deal!

Thanks for the reply

Perspective can only use a hostname if your DNS system can do reverse lookups on the IP addresses of your clients.

So I’ve been tinkering a bit more trying to get this to work with a hostname as it would be much nicer than statically reserving a pile of IP’s. My IT admin has added my PC and android phone to both forward and reverse lookup lists for his DNS server, and I can ping using the hostname ping <hostname> and it resolves correctly for both devices, from several different devices. Perspective still will not resolve the hostname however. This is all on our LAN as well. Any other advice would be appreciated!

Is “Resolve Client Hostnames” enabled?

https://docs.inductiveautomation.com/display/DOC81/Web+Server+Settings

2 Likes

Thanks for point this out, I missed that setting!

To add on for any future visitors, with this setting enabled I still had some trouble connecting via my PC. My phone worked just fine with <hostname>, but what ended up working for my PC was to qualify it with the full domain <hostname.domain.local>.