Hello,
I was unable to find anything related to this topic that was recent so I figured I would ask.
If we have a perspective project hosted on a server on our LAN and then have the same project on our cloud gateway (private azure cloud) can we restrict a few things listed below:
A few pages we create we would rather not put on our cloud project, but we want them in our main project.
We would also like to restrict it down to certain lower-level roles to limit functions.
We will use the EAM module for keeping things in sync. If at all possible, I would rather not have to create a separate project that is identical minus the few pages and roles taken out. That seems like it would be difficult to manage, and the suggestion from a 2018 post about not requiring a login on a status page.
Our team just want to be able to restrict access to certain portions and functions of the project when we are outside of our LAN. Thanks for any help or suggestions in advance!
You need security zones:
https://docs.inductiveautomation.com/display/DOC81/Security+Zones
Configure a zone for your LAN, then you can use a mix of security zones and roles to define security levels.
Once you have security levels, you can use the isAuthorized expression function (or its python alternative) to allow/deny access to resources.
Or the built-in view permission:
1 Like
I went and read the document and that looks like what we would want to do. My question is would the information on the LAN project server and the cloud project server then remain the same? And more the question is does cloud server reach back to main project server to check say user role information and alarm pipeline information? Our main concern is putting emails and phone numbers in the cloud.
Thank you for the help!
I guess it all depends on how things are set up ? Can you describe it ?
I don't know much about architectures and infrastructures, but if you can be accurate enough, surely someone around here will have the answers you're looking for.
