Security in Perspective is managed through Identity Providers (IdPs). IdPs offer a way for users to log in to Ignition using credentials stored outside of Ignition. This level of security is set up through the Gateway. Setting up security is covered in the Security section of the User Manual.

Once you have an IdP set up, as well as Security Levels, Security Level Rules, and User Grants, there are additional ways to control security for the following:

  • Perspective Sessions
  • Perspective Views
  • Event actions on Perspective components



Perspective Sessions Security

For each Project, you can set the security for an associated Perspective Session. When you select the security levels, you are granting any user with that security level access to the Perspective Session for that Project.

  1. In the Designer, select the Project Properties on the Project menu. Select Project > General. 
  2. In the Identity Provider field, use the dropdown to select the IdP you want to use or to select the default user source.  



  3. Scroll down to select Perspective > Permissions
  4. Expand the tree to view the security levels you want to be able to access this project in a Perspective Session.
  5. Click the check box next to each of the security levels you want to grant access. 



  6. Click OK to save all of the Project Properties changes. 



Perspective Views Security

You can set the security for an individual View in Perspective. When you select the security levels, you are granting any user with that security level access to the Perspective Session for that Project.

Note: You must have the IdP selected in Project Properties > Project General.

  1. In the Project Browser, right-click on the view and select Configure View Permissions...



  2. On the Edit Permissions screen, click the check box next to the Roles that will be able to access this View. 

  3. Next, click the check box next to the Security Zones that will be able to access this View. 

  4. Finally, choose one of the radio buttons at the bottom of the screen to indicate whether the user must match all of the required security levels you've checked or if matching at least one is enough.

    In the example below, a user must have either the Administrator security level, Plant1 security level, or be in Ridgefield East to access this View.

    Administrator and Plant 1 Roles checked, Ridgefield East Security Zone checked, and At least one of the security levels required option checked.

  5. Click OK to save the permissions for this View.



Event Actions on Perspective Components

All Perspective components can have event scripts. These are scripts that run on an action, such as when the user clicks with the mouse on a component. For more information about event scripts, see Perspective scripting. Security can be configured on events. In the following example, we set security for the action of clicking on a Button component in the Perspective View.

Note: You must have the IdP selected in Project Properties > Project General.


  1. To add security to an event on a component, right-click on the component then choose Configure Events...



  2. The Events Configuration screen is displayed. Many different types of events can be set for a component. For this example, choose Mouse Events > onClick.
  3. Under Organize Actions, click the Add icon, then select Script from the list.



  4. Click the Security Settings icon near the bottom of the screen.
  5. Click the check box next to the security levels you want to grant access. In the example, we checked Administrator and Line1Oper for the security Roles. Then, we chose the requirement option that at least one of the security levels for the user must match for access. This means anyone with Administrator or Line1Oper security levels will have permission to run the script associated with the onClick event on this button.



  6. Click the Security Settings icon to close the window, then click OK.


Using Component Bindings to Check Authorization

Component bindings can also be used to determine if a user should have access to a certain component. For example, if a component has an "Enabled" property that you want to toggle based on security levels, you can apply one of these approaches.

Using isAuthorized in an Expression

The simplest method involves configuring an expression binding that uses the isAuthorized function. 

isAuthorized(false, "Authenticated/Roles/YourRoleGoesHere")

In the image below, an isAuthorized function expression binding is configured on a Button's enabled property, which causes the property to change to "false" if a user doesn't have the specified security level. This has the additional benefit of preventing the onActionPerformed scripting event from triggering in cases where a user doesn't have the security level.

Using Session Props to Check Roles

Alternatively, a script transform can be used to examine the session.props.auth.user.roles property to determine if the current user has the desired role. In this case, we can configure a property binding to the roles session property, and use the following line in a script transform:

return "Administrator" in str(value)
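
The substring test above is also true for any role whose name merely contains "Administrator". The following added example (not from the Ignition manual) compares it with an exact match; it assumes the bound value iterates over role-name strings, and the helper names and sample role lists are constructed for illustration.

```python
try:                      # Ignition script transforms run Jython 2.7
    string_types = basestring
except NameError:         # CPython 3, e.g. when testing outside Ignition
    string_types = str


def has_role_substring(value, role):
    """The page's one-liner: substring search over the stringified list."""
    return role in str(value)


def role_names(value):
    """Normalise the bound value to a set of exact role names.

    Assumption: value is None, a single name, or an iterable of names.
    """
    if value is None:
        return set()
    if isinstance(value, string_types):
        return {value.strip()}
    return {str(item).strip() for item in value}


def has_role(value, role):
    """True only when role equals one of the user's role names exactly."""
    return role in role_names(value)


def has_roles(value, required, match_all=False):
    """Apply the 'all' or 'at least one' rule; an empty list grants nothing."""
    if not required:
        return False
    names = role_names(value)
    hits = [name in names for name in required]
    return all(hits) if match_all else any(hits)


# Constructed sample role lists, not taken from a real Gateway.
OPERATOR = ["Line1Oper", "Administrator-ReadOnly"]
ADMIN = ["Administrator", "Line1Oper"]
```

With these helpers in a project script library, the transform's last line would call has_role(value, "Administrator") instead of the substring test.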



Deleted Security Level Indicators

The following feature is new in Ignition version 8.1.25
Since security levels are set through the Gateway, it may not be immediately obvious that a security level has been deleted. This can be checked quickly in the Designer by accessing the Project Properties and navigating to Perspective > Permissions. In the example image below, the Plant1 role has been deleted. This is indicated by the security level, and any child levels, appearing grayed-out with a red warning underline. Hovering over the security level displays a tooltip informing the user the security level no longer exists on the Gateway. A warning indicator icon will also appear in the upper right-hand corner with the number of selected security levels that no longer exist. If you follow the security levels tree up to the parent levels, you'll notice affected levels now include a dotted underline.

All warning indications are removed when deleted security levels are unchecked and new settings are saved. Additionally, the deleted security level will no longer be visible.

These security level indications are visible on the Event Configuration, Edit Permissions, and Tag Editor windows when applicable. 


