Vision Client Hostname/IP/MAC based permissions

AIO · February 11, 2023, 12:37am

Hey folks,

We're working on a project using vision clients for the plant floor HMIs. Each client is dedicated to a specific work zone and we'd like to restrict these clients to control of their respective zones (ie: view the whole project, only control a subset of screens). They will still need an authenticated login, but the idea is to stop a worker in Zone A from changing settings in Zone B.

I can implement something using expressions or client startup scripts with vision client tags to evaluate the IP / Hostname / MAC, and that should be easy enough to implement in tandem with the standard user security. However, I am worried that these tag values could easily be overridden by modifying the client launcher.

So the ask; is there a better way to go about doing this? Something more secure or embedded in the security functions? Security zones didn't seem like the appropriate use case here, open to suggestions.

Cheers!

pturmel · February 11, 2023, 4:05am

I would use the MACs to uniquely identify the machine, passed back to the gateway with system.util.sendRequest() to retrieve the settings you wish to lock in. Save that in a top-level variable in a project script module. Retrieve into each window where needed with a non-polling runScript() expression. It would be rather difficult to hack. Certainly not hackable via client tag initialization.

AIO · February 13, 2023, 2:06pm

Thanks, Phil.

Would not have come up with that on my own, sounds like a good solution. I'll give that a shot and see how it works.

Cheers

AIO · February 13, 2023, 5:03pm

That worked, thank you again for the recommendation.