Skip to main content
Version: 8.1

Tag Security Properties

Changed in 8.1.17

In 8.1.17, the Tag Editor was redesigned to improve usability. The new Tag Editor now requires fewer clicks and keeps relevant tag information visible while modifying bindings, alarms, and event scripts. Additional improvements include the following:

  • Only expression bindings now require opening the dialog to change. Tag and Parameter bindings can be edited in-line within the tag editor and are not shortened.
  • Sorting in UDT Editor now sorts folders first, then tags.
  • Users can add tags in the UDT Editor without having to click the root of the UDT/folder.
  • UDT Parameters now show when they are overridden.
  • The Tag Editor uses the entire width allowed to display content.
  • UDT properties are added in-line to bindings now rather than clearing out the content.
  • Property values are now all left-aligned.
  • The Expression editor now accepts drag and drops from the UDT Editor or Tag Browser. Pages detailing features of the previous Tag Editor can be found in Deprecated Ignition Features.

Tag security is often the best way to configure security for data access. By defining security on a Tag, you affect the Tag across wherever it is used, as opposed to configuring component security on each component that displays or controls that Tag.

There are three properties on Tags that can restrict access.

  • Read Permissions: Defines the security levels required in order to read values from a Tag
  • Read Only: Defines whether a Tag is read-only or writable
  • Write Permissions: Defines the security levels required in order to write values to a Tag

Users with specific roles and zones can be given read/write access to a Tag, while other users with other roles are excluded from modifying the Tag.

If a user opens a Perspective view or a Vision client window that has components that are bound to a Tag they do not have permissions for, the user will see an overlay on top of the component. For more information, see Quality Codes and Overlays. The following example shows a tank displayed in a session, but the user does not have read permission for the Tag it is bound to.

Read Only Security​

When a Tag is set to read only, a Lock icon is displayed next to the Tag in the Tag Browser.

Read and Write Permissions​

Instead of making a tag Read Only for all users, you can conditionally provide read and write access based on Security Levels. Doing so involves a adjusting the security settings on the tag in question. The checkbox tree you are presented with will show you all of the security levels configured in the Gateway Config > Security > Security Levels page.

Read Permissions​

Read permissions define the security levels required in order to read values from a Tag. By default, Tags have Read Permissions set to "Public". You can change the Read security using the Tag Browser in the Designer.

  1. In the Tag Browser, right-click on the Tag, and select the Edit icon.
  2. Select the Security section.
  3. On the screen, choose the security levels you want to have Read permissions for this Tag. In this example, only users with role of "Driver" will be able to see the Tag value.


  4. Click Commit to accept the settings.
  5. Click OK to save the changes to the Tag.
  6. If you are logged in as a user other than Driver, you will now see the "Bad_AccessDenied" in the Tag Browser instead of the Tag's value.

Write Permissions​

Write permissions define the security levels required in order to write values a Tag. By default, Tags have Write Permissions set to "Public". You can change the Write security using the Tag Browser in the Designer.

  1. In the Tag Browser, right-click on the Tag, and select the Edit icon.
  2. Select the Security section.
  3. On the screen, choose the security levels you want to have write permissions for this Tag. In this example, only users with role of Administrator will be able to write to the Tag value.
New in 8.1.25

If any security levels under the Read Permissions or Write Permissions sections are deleted from the Gateway, they will appear grayed-out with a red warning underline. A warning indicator icon will also appear in the upper right-hand corner with the number of selected security levels that no longer exist. If you follow the security levels tree up to the parent levels, you'll notice affected levels now include a dotted underline.

The deleted security level and all warning indications are removed when the deleted security level is unchecked and new settings are saved.

Using Security Zones​

In addition to setting up security on individual Tags, you can set up security policies specific to Security Zones. This is useful in cases where you want to make all tags in a provider Read Only from network locations. See the Security Zones page for more details about Tag Access options.