Tag Permissions

WillMT10 · March 28, 2016, 9:53pm

Currently, I am trying to configure tags in the Designer so that only certain roles can change the tags. Using the tag permissions I can lock down the tags but only when someone is trying to write to them in the client. I would like to also prevent the same roles from writing to those tags while in the Designer. Is this possible without setting them to strictly “Read Only” for all roles?

The reason I would like to do this is I have a new hire at our company who is learning to use Ignition. I want him to be able to see all the tags, read values from them, build components that point to these tags, etc. But I don’t want him to be able to write to any of the PLC tags while in the Designer or the Client because he is still learning (accidentally start a pump, etc). I have been able to lock down the provider and the clients, but he can still write to any of the tags while in the designer.

Is there a security option I’m missing somewhere?

Thanks,
-Will

rrdiggy76 · March 28, 2016, 10:11pm

There is a ‘Tag Editing Role(s)’ option in the gateway under Configure>Tags>Realtime

The description states;

“Users must belong to one of these roles in order to edit this provider’s tags in the Designer. Multiple roles can be specified by separating them with commas. If blank, tag editing for this provider will not be restricted in the Designer”

I’ve not tried it myself, but may be worth a look??

WillMT10 · March 29, 2016, 2:19am

Thanks for the response rrdiggy76! I’ve actually tried this. Unless I set up something incorrectly, it appears that this setting only affects editing the tag properties (i.e. - Name, Scan Class, Permissions, Alarms, History, etc) but it does not prevent those same roles from actually writing to the tag value.

This gets me almost to where I want to be, but I would also like to restrict them from changing tag values while in the Designer so that they do not accidentally change a process value in the PLC.

Thanks again,
-Will