I created a custom security level called "management" and I want roles in identity provider "default" called admin and operator to have this level of security. I typed 'containsAny({user:roles},'admin','operator')' but no response.
What do you mean by no response? Have you tested a login with your IdP to make sure the roles you're expecting to receive from it match your security level rule/expression?
How are you trying to use these security levels?
I am testing it by controlling write permission of a memory tag in designer and it gives me an error (something like write access denied) in all custom levels.
Does the user you're logged into the designer with belong to these roles or security levels you're testing? If not, it won't let you write to those tags. Designer permissions don't always mean you inherently have access to write tags also.
Yes, I am logged in with the admin role in the same IdP.
That is a response.
You need to be precise in describing the setup, what you expect and what you got. Otherwise it's going to be like pulling teeth to get the required information from you.
Show your setup.
Show where you put this.
Use well-cropped screengrabs and post code where appropriate. Please see Wiki - how to post code on this forum.
Take it easy, Mr. Semi Conductor. I just created some custom security levels, and from the identity provider section I added security level rule expressions, and it is not working. I just need to know how I can test these expressions to make sure they are properly written.
Transistor is asking for screenshots of where you've put this. As I've asked, also test a login to the IdP to make sure the roles are exactly "admin" and "operator" when you log in. Screenshots of this would help. Also screenshots of how you've configured security on your tags.
The more information you provide, the more helpful everyone here can be, but when you're vague and not providing extra information when we ask for it, no one here will be able to help you out.
Yes, I totally understand that. Thanks for helping me with my problem; I will provide you with snips in the near future.
I am just a bit confused about the security levels under 'authenticated/roles': how are they related to the IdP roles?
Identity providers do not expose lists of known roles/groups. You only get roles after login, and only the ones that user possesses. Therefore, to use roles in security controls, you, the programmer, must tell the gateway what roles you expect to receive that are meaningful to design-time configuration.
That's it. You must populate the gateway's authenticated roles with role names that you wish to use in security configuration elsewhere in the gateway. Because the gateway can't automatically produce this information at design time.
Yes, I used the custom security levels here in the general security section and I had to reset the gateway password 3 times.
You should open a support ticket and have IA look over your shoulder.
Excuse me, I didn't get what you mean.
Visit IA Support's "Help Center" and open a ticket. Then an IA staff member can help you share your screen so they can see what is really wrong.
Always recommended when this forum's volunteers are at our wit's end. (This forum is not formal IA support.)
OK, I just need to know how the security levels under 'authenticated/roles' are related to IdP roles. I would appreciate it if you have an explanation of how this system is designed.
As previously mentioned, when using an IdP, roles come from the IdP. To see how they come in, you'll need to test the login of the IdP from the "More" button of the IdP on the Ignition Gateway page:
Once you log in with this IdP (or if you're already logged in with it), you'll get the response with a list of roles like this:
Then if you click on the Security Level Grants page, you'll see how those roles come into your security levels like this:
Yes, thanks for the clarification.
I use an expression with hasRole() on the Numeric field's Editable property and the Enable property on a PushButton, and it works well.