Search

User Manual

GETTING STARTED


MODULES AND PLATFORM


APPENDIX


TUTORIALS & HELPFUL TRICKS


GLOSSARY


STRATEGIC PARTNER LINKS

Sepasoft - MES Modules
Cirrus Link - MQTT Modules

RESOURCES

Inductive University
Ignition Demo Project
Knowledge Base Articles
Forum
IA Support
SDK Documentation
SDK Examples

ALL MANUAL VERSIONS

Ignition 8.1
Ignition 7.9
Ignition 7.8

Deprecated Pages

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: small edits


Users and Roles

Security is based on the roles that are assigned to specific users. Roles do not have any structure or hierarchy by default, but can be created. You can create a hierarchy based on users with a greater role being assigned all matching lesser roles. 

There isn't a built-in restriction to the number of roles a user can have, so each user can have access to many roles, or none at all.

Info
titleRoles and Security

It's important to think about the different roles in your project and how they affect the security of your project. For instance, what level of access a particular area of a project needs may determine the functional type roles that you create, and the different users assigned to each role.

You can manage users and roles using either the Gateway interface, or using the User Management component inside the Designer or Client. This section shows how to manage users and roles using the Gateway interface. 

Warning

When using role-based security in a project, the project stores the name of the role as a string. This means that if you were to modify the name of the role in the Gateway, the role-based security in your project will not update to reflect the new name, and instead will try searching for a role with the original name. Be very careful when modifying the names of roles.



On_this_page

 



Creating a Role

  1. On the Gateway Webpage, go to the Config section, and choose Security > Users, Roles from the menu on the left.
    The User Sources page is displayed.
     
  2. Click on the manage users link for the User Source you want to manage.

    Image RemovedImage Added
     
  3. Click the Roles tab. Look for the blue arrow at the bottom, and click the Add Role link.

  4. Name the role by entering it in the Role Name field, and click on the Add Role button.
    The role is now available to be associated with specific users.

     
     

Assigning Roles to Users

  1. On the Gateway webpageWebpage, go to the Config section tab, and choose Security > Users, Roles from the menu on the left.
    The User Sources page is displayed.
     
  2. Click on the manage users link for the User Source you want to manage.
     
  3. Click the Edit link for the User you want to edit, or click the blue Add User link to add a new user. (When adding a new user, you can also add their roles at the same time).
    Image Removed
    Image Added

  4. If you're creating a new user, the Add User window will open. Enter the user's properties including the roles you want this user to have. If no roles have been created, then follow the instructions in the Creating a Role section from above. If your user already exists and you simply want to modify their roles, the Edit User window will open. (The Edit User window and the Add User window look identical). 

    To assign a role, there is a Roles property with a list of roles that have already been created. Select the role(s) that you want this user to have. (It's not required for a user to have a role, but be aware that they might not have access to an area of the project that requires them to have a role). 



    Info
    titleAdministrator Role

    When a project is first created, the Administrator role is the only role available, and no other roles will appear until they are created. When more roles are created, they appear as check boxes just like the Administrator option.


  5. Click either Add User if you adding a new user, or Save Changes if you are modifying a user's role(s).
    The user now has the privileges associated with the selected role(s). 

Role Hierarchy

Often you might want to have one role that includes all the permissions for another role, i.e., Supervisor can do everything that Administration and Maintenance roles can do. In the Designer, access to Components can be restricted to specific security roles. You can give any Supervisor both of the Administration and Maintenance.


 

 

Managing Users

User Sources support managing the users and roles from within Ignition to varying degrees. Some User Sources are fully manageable, meaning that you can administer the users, roles, contact info, and so on from within the Ignition Gateway, as well as inside a Vision Client. Other User Sources do not support this at all, while yet others only partially support it. Make sure you understand how and where the administration takes place before you choose a User Source type.

For User Sources that support it, you can manage the users and roles from within the Ignition Gateway's web configure interface under Config > Security > Users, Roles. Click on the manage users link for the User Source you want to administer.

Often, it is desirable to let some management or administrative users of a Vision project manage other users without having to log into the Gateway's Configure section. To do this for a User Source that supports being managed, you can simply use the built-in User Management Panel that comes with the Vision Module.

 

User Management Component

Ignition has a special User Management component in the Vision Module that allows you to add, modify, and delete users and roles (and more) inside the Designer and the Client. This is simple to set up and use.

Using the User Management Component in the Designer and Vision Client

  1. In Designer, go to the Project Browser and then to Vision. 
  2. Create a new Window or open an existing one. 
  3. Drag a User Management component to your window. This component will automatically point to the default user source being used by your project. You can change the User Source property if needed. 
  4. If you already have some users and roles setup using the Gateway Webpage, you will see them in the User Management component. If you don't have any users or roles setup, you can create them here. Use the icons on the right side to add, edit, or delete a user or role. 

  5. To add a new user, put the Designer in Preview Mode. Click the the plus Image Modifiedicon next next to the user section.




  6. The Add User window will open. At a minimum, enter the Username and Password. All other properties are optional. When finished, click Save



  7. To add a new role, make sure the Designer is in Preview Mode. Click the the plus Image Modifiedicon next to the role.
    The Add Role window will open. 
  8. Enter the name of the new role. Click Save.   



  9. Now you can see the user and role that were just added in the User Management window. 

Save Failed. You are not authorized...

By default, changes to the system's user source may not be made from this component. This prevents users from locking themselves out of the Gateway, or give themselves access to the Gateway.

However, this behavior can be overridden from the Gateway: Config > System > Gateway Settings page, and setting the checkbox for the Allow User Admin property. This allows for the administration of the Gateway's system user source from the Designer and the Client. Unless this is enabled, the Vision Module's User Management component is prevented from modifying the Gateway system's selected user source and you will see an error at the bottom of the component if it is attempted.

Alternatively, you can simply have a separate User Source for the Gateway. This allows you to have a User Source containing all users that should have client access, and a Gateway-specific User Source that allows access to the Gateway and Designer. This would potentially entail changing the System's User Source: Config > System > Gateway Settings > System User Source in the Gateway Webpage.