Project Security in Designer and Gateway

Control Project Edits by Role

When several users are all working on the same project, managing changes to the project can become cumbersome. By default, all users with Designer access can modify, delete, save, and publish all resources available in the Designer. In some situations, it is desirable to limit what each user can do in the Designer. Ignition has several built-in Designer restriction methods to help in these scenarios.

Designer Project Permissions

Actions such as viewing, saving, publishing, deleting, and editing of project resources are restricted to users who who have sufficient roles to do so. Editing of the these required roles is done in the permissions section of the project properties dialog in the designer. If required roles are not set for an action, then all users with Designer access can perform the action. Note that the designer does not poll for role changes, so if a user who is currently logged into the Designer has their roles changed, they will need to re-launch the Designer for the new role(s) to take effect.

Controlling who can Edit a Project

You can control who gets to login to a project by assigning roles and giving permissions to those roles in the Required Designer Roles property which you set up in the Designer.

To access the Required Designer Roles property

  1. In the Designer, choose Project > Properties.
    The Project Properties window is displayed.

  2. Go to Project / Permissions page.
    In the text boxes on this page, enter a comma-separated list of role names that are required to access the project.

    images/download/attachments/6046987/required_designer_roles.PNG

The following table describes each of these five options

Option
Affect

Publish

User must have at least one of these roles to publish the project.

View

User must have at least one of these roles to view the project in the Designer.

Save

User must have at least one of these roles to save the project.

Delete

User must have at least one of these roles to delete the project.

Protect Resources

User must have at least one of these roles to access protected resources.

Restrict Project Creation

The ability to create new projects can also be restricted by role. In cases where multiple users have designer access, this property can prevent each user from creating a large amount of 'test' or 'sandbox' projects. This Create Project Role(s) property can allow users with one of the specified roles to create new projects on the Gateway. This is ideal for production systems where you don’t want other users creating new projects.

On the Configure section of the Gateway, go to Configure > Gateway Settings, and scroll down to Create Project Role(s). Enter a role that users should have to create a new project, and click Save Changes.

Protected Resources

Once a resource has been created, such as a Window or Alarm Notification Pipeline, it can be locked or 'protected'. A protected resource is flagged as such, and informs users that it can not be modified when an edit is attempted. Furthermore, the ability to edit a protected resource can be limited to specific roles, thus ensuring that only certain users can make changes to the resource. This is commonly used in scenarios where a window is 'finished' and no further changes should currently be made to it. This lets other users with Designer access know that they should leave the resource alone.

For more information please see the Protecting Resources page.

images/download/attachments/6046987/editting_protected_resource.PNG

In this section ...