I am fetching the users and Roles from Active directory. Is it possible to create a security level and group the roles fetched from the active directory. so that i can easily create user access to Ignition gateway
Yes, what I've done is created Vision Client tags (if you're using Perspective you can use Security Levels to map/group security groups to levels). The Vision client boolean expression tags have the following expression as an example:
hasRole('Supervisor') || hasRole('AD-Group-Supervisor') ||
hasRole('Technician') || hasRole('AD-Group-Technician') ||
hasRole('Administrator') || hasRole('AD-Group-Admin') &&
{[System]Client/User/Username} != ''
The last line is required to get the expression to re-evaluate, and you just need to replace all the hasRole() functions with your groups from AD. Then to check security on any components, you can just tag those client tags directly. I also put all these role tags in a folder named "Role" but that's up to you how you want to organize it.
1 Like
ok.
But is it possible to group the roles from active directory and create a security levels based the group to give permission for the users in that group to access Gateway config page and Designer access permission?
If you're using any configuration that uses levels instead of roles, you can create rules to link the 2 together.