Security on User Actions (e.g. Buttons) in Perspective

The Ignition Manual describes using Security Settings on a Script in the Event Actions, and using Component Bindings to Check Authorisation as two ways to restrict functionality to authorised users. Is there any difference in using these two methods? For us, it has been easy to use Component Bindings to disable a button, for instance, and then let the Button Style indicate this function is disabled. I'd be interested to hear if there are any drawbacks to this approach?

One is frontend, the other backend. Frontend security is subject to manipulation by developers (and hackers) with browser dev tools. But front-end security is visible and intuitive for your users.

Use both.

3 Likes

Thanks for that. Would I be right in thinking that backend security cannot be configured at runtime, e.g. where we use a faceplate to control a motor but need to provide permissions based on the use case, any backend permissions would be fixed, however we can still adjust the frontend permissions via bindings?

Scripted backend security checks can be entirely dynamic.

Got it. I was looking at the Event Security Settings, which appear to be set and forget.

Thanks @Anna_Smith and @pturmel.