Write Permissions Gateway Only

What is the preferred mechanism to have permissions that a tag is writeable by gateway scripting only? Effectively read only by users, writeable by the gateway.

I used this technique successfully since 8.0 days:

It stopped working somewhere between 8.1.33 and 8.1.42, no idea why.

Some background:
I use this to have separate security levels for different commands destined for the same enumeration. E.g. Mode enum (0=Maintenance, 1=Manual, 2=Auto). Operators can put it into auto, from anywhere. Supervisors can put a device into manual, and only technicians can put a device into maintenance.

This is achieved using booleans with the correct permissions, and a tag event script on the boolean UDT member will in turn write the correct ordinal to the enumeration.

I think I found the issue, and it is somehow related to where the original action came from.

If the original write came from the designer or another tag, it works. If the original write came from Perspective, it fails.

See the attached tags and view.

Setup:

  • Security/InternalTag is the enumeration

    • Write secured by a level called Authenticated/Internal.
  • Security/OperatorTagX is the boolean

    • Write secured by a level called Authenticated/Operator

    • Has a change script that when true, will write the corresponding integer to the enum tag Security/InternalTag

  • Give yourself a user grant for Authenticated/Operator

  • Used the attached view for Perspective

From the Designer:

  • Direct manipulation of Security/InternalTag fails. This is expected as we don't have Authenticated/Internal

  • Setting of Security/OperatorTagX works, and triggers the change script that successfully writes to Security/InternalTag and resets self

From Perspective (or Perspective preview view in the Designer):

  • Direct manipulation of Security/InternalTag fails. This is expected as we don't have Authenticated/Internal

  • Setting of Security/OperatorTagX works, and triggers the change script that successfully resets self but fails to write to the secured Security/InternalTag

Changing the write permissions on Security/InternalTag to Authenticated or Public fixes it all. This is probably insecure.

TestSecurity.json (2.7 KB)
TestSecurityView.zip (3.9 KB)