Vision Client Hostname/IP/MAC based permissions

Hey folks,

We're working on a project using vision clients for the plant floor HMIs. Each client is dedicated to a specific work zone and we'd like to restrict these clients to control of their respective zones (ie: view the whole project, only control a subset of screens). They will still need an authenticated login, but the idea is to stop a worker in Zone A from changing settings in Zone B.

I can implement something using expressions or client startup scripts with vision client tags to evaluate the IP / Hostname / MAC, and that should be easy enough to implement in tandem with the standard user security. However, I am worried that these tag values could easily be overridden by modifying the client launcher.

So the ask; is there a better way to go about doing this? Something more secure or embedded in the security functions? Security zones didn't seem like the appropriate use case here, open to suggestions.


I would use the MACs to uniquely identify the machine, passed back to the gateway with system.util.sendRequest() to retrieve the settings you wish to lock in. Save that in a top-level variable in a project script module. Retrieve into each window where needed with a non-polling runScript() expression. It would be rather difficult to hack. Certainly not hackable via client tag initialization.

1 Like

Thanks, Phil.

Would not have come up with that on my own, sounds like a good solution. I'll give that a shot and see how it works.


That worked, thank you again for the recommendation.