User Manual







Sepasoft - MES Modules
Cirrus Link - MQTT Modules


Inductive University
Ignition Demo Project
Knowledge Base Articles
IA Support
SDK Documentation
SDK Examples


Ignition 8.1
Ignition 7.9
Ignition 7.8

Deprecated Pages


Sign In

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: small edits


Users and Roles

Security is based on the roles that are assigned to specific users. Roles do not have any structure or hierarchy by default, but can be created. You can create a hierarchy based on users with a greater role being assigned all matching lesser roles. 

There isn't a built-in restriction to the number of roles a user can have, so each user can have access to many roles, or none at all.

titleRoles and Security

It's important to think about the different roles in your project and how they affect the security of your project. For instance, what level of access a particular area of a project needs may determine the functional type roles that you create, and the different users assigned to each role.

You can manage users and roles using either the Gateway interface, or using the the User Management component inside  inside the Designer or Client. This section shows how to manage users and roles using the Gateway interface. 


When using role-based security in a project, the project stores the name of the role as a string. This means that if you were to modify the name of the role in the Gateway, the role-based security in your project will not update to reflect the new name, and instead will try searching for a role with the original name. Be very careful when modifying the names of roles.



Creating a Role

  1. On the Gateway
  1. Webpage, go to the Config section, and choose Security > Users, Roles from the menu on the left.
    The User Sources page is displayed.
  2. Click on the manage users link for the User Source you want to manage.
Image Removed

  1. Image Added
  2. Click the Roles tab
, then look
  1. . Look for the blue arrow at the bottom, and click the Add Role link.

  2. Name the role by entering it in the Role Name field, and click on the Add Role button.
    The role is now available to be associated with specific users.
Image Removed

  1. Image Added 

Assigning Roles to Users

  1. On the Gateway
  1. Webpage, go to the Config
  1.  tab, and choose Security > Users, Roles from the menu on the left.
    The User Sources page is displayed.
  2. Click on the manage users link for the User Source you want to manage.
  3. Click the Edit link for the User you want to edit, or click the blue Add User link to add a new user. (When adding a new user, you can also add their roles at the same time).
Image Removed

  1. Image Added

  2. If you're creating a new user, the Add User window will open. Enter the user's properties including the roles you want this user to have. If no roles have been created, then follow the instructions in the Creating a Role section from above. If your user already exists and you simply want to modify their roles, the Edit User window will open. (The Edit User window and the Add User window look identical). 

    To assign a role, there is a Roles property with a list of roles that have already been created. Select the role(s) that you want this user to have. (It's not required for a user to have a role, but be aware that they might not have access to an area of the project that requires them to have a role). 

    Image Modified

    titleAdministrator Role

    When a project is first created, the Administrator role is the only role available, and no other roles will appear until they are created. When more roles are created, they appear as check boxes just like the Administrator option.

  3. Click either Add User if you adding a new user, or Save Changes if you are modifying a user's role(s).
    The user now has the privileges associated with the selected role(s). 

Role Hierarchy

Often you might want to have one role that includes

everything in

all the

role below it.

permissions for another role, i.e

: Operator 1

., Supervisor can do everything that

Operator 2 can, and more. This is possible to set up using the security roles for components in the Designer, but is easier to give any Operator 1 both of the Operator 1 and Operator 2 roles.


Scroll HTML Exporter Ignore
NameRole-based Access




Administration and Maintenance roles can do. In the Designer, access to Components can be restricted to specific security roles. You can give any Supervisor both of the Administration and Maintenance.



Managing Users

User Sources support managing the users and roles from within Ignition to varying degrees. Some User Sources are fully manageable, meaning that you can administer the users, roles, contact info, and so on from within the Ignition Gateway, as well as inside a Vision Client. Other User Sources do not support this at all, while yet others only partially support it. Make sure you understand how and where the administration takes place before you choose a User Source type.

For User Sources that support it, you can manage the users and roles from within the Ignition Gateway's web configure interface under Config > Security > Users, Roles. Click  Click on the manage users link next to the for the User Source you  you want to administer.

Often, it is desirable to let some management or administrative users of a Vision project manage other users without having to log into the Gateway's Configure section. To do this for a User Source that supports being managed, you can simply use the built-in User Management Panel that comes with the Vision Module.


User Management Component

Ignition has a special User Management component in the Vision Module that allows you to add, modify, and delete users and roles (and more) inside the Designer and the Client. This is simple to set up and use.

Using the User Management Component in the Designer and Vision Client

  1. In Designer, drag go to the Project Browser and then to Vision. 
  2. Create a new Window or open an existing one. 
  3. Drag User Management component to your window. This component will automatically point to the default user source being used by your project. You can change the User Source property if needed. 
  4. If you already have some users and roles setup using the Gateway interfaceWebpage, you will see those users and roles them in the User Management component. If you don't have any users or roles setup, you can create them here. Use the icons on the right side to add, edit, or delete a user or role


    Needs a new image below to not include the checkboxes since the Project Templates don't exist anymore.

    The image below shows a header and some checkboxes because we are looking at the User Management page from one of the Project TemplatesImage Removed

  5. To add a new user, put the Designer in Preview Mode. Click the

    the green plus icon next

    the plus Image Addedicon next next to the user section.

    Image Added

  6. The Add User window will open. At a minimum, enter the Username and Password. All other properties are optional. When finished, click Save
    Click the back button to return to the Users section.
    Image Removed

    Image Added

  7. To add a new role, make sure the Designer is in Preview Mode, and click the the green plus icon next . Click the the plus Image Addedicon next to the role.
    The Add Role window will open. 
  8. Enter the name of the new role. Click Save
    Click the back button to return to the Users window. 
    Image Removed

    Image Added

  9. Now you can see the user and role that were just added in the User Management window. 
    Image Removed
    Image Added

Save Failed. You are not authorized...

By default, changes to the system's user source may not be made from this component. This prevents users from locking themselves out of the Gateway, or give themselves access to the Gateway.

However, this behavior can be overridden from the Gateway: Config > System > Gateway Settings page, and setting the checkbox for the 'Allow User Admin' property. This allows for the administration of the Gateway's system user source from the Designer and the Client. Unless this is enabled, the Vision Module's User Management component is prevented from modifying the Gateway system's selected user source and you will see an error at the bottom of the component if it is attempted.

Alternatively, you can simply have a separate User Source for the Gateway. This allows you to have a User Source containing all users that should have client access, and a Gateway-specific User Source that allows access to the Gateway and Designer. This would potentially entail changing the System's User Source: Config > System > Gateway Settings > System User Source in the Gateway Webpage.