I have questions about how to properly structure user management in Ignition projects, especially as systems grow in size and complexity. At a high level, user management naturally splits into two distinct groups:
- Gateway / Designer users, who can access the Gateway configuration and edit projects.
- Runtime users, who access the system in production through Perspective (operators, line leaders, supervisors, etc.).
These two groups have very different responsibilities and must be securely separated.
As the number of projects increases, the challenge becomes more evident in enterprise environments with multiple factories and repeating processes. While it is common and efficient to reuse the same supervisory project for identical processes by changing parameters, users are not shared between factories. A supervisor or line leader from one factory should not see or manage users from another factory, even though the underlying project is the same.
When relying only on User Sources and Roles, the structure quickly becomes difficult to scale:
- Roles grow in number and complexity
- Permissions become harder to maintain
- Context such as factory, process, or unit is hard to model
I’m looking for best practices to:
- Separate Designer/Gateway users from runtime users
- Scale user management across multiple factories
- Add context to users (factory, process, unit)
- Avoid role explosion while keeping permissions clear and secure
Any guidance or patterns for structuring this in Ignition would be greatly appreciated.