Locking Project Resources
You can lock individual project-level resources in the Ignition Designer using Project > Properties and the Project Properties window and adding a role to the Protect Resources project setting.
Role-based access
Security is configured using roles. This simple concept just means that instead of granting or revoking privilege based on user, you do so based upon the more abstract concept of a role, and then you assign users to belong to one or more roles.
The maintenance ramifications of this separation are fairly obvious - you define your security based upon the process, not the people. Ideally, the process remains constant even if the cast of characters changes. As people are hired, transferred, promoted, fired, etc, the security management simply becomes the re-assigning of roles, not the re-designing of your project.
Project Required Roles
The coars est level of security for a Vision project is the project's Required Roles property. This is a list of roles that the user must have all of in order to log into the Client.
See also: Project/General Properties , Security in Ignition
Tag Security
Tag security is often the best way to configure security for data access. By defining security on a tag, you affect the tag across all windows in the project, as opposed to configuring component security on each component that displays or controls that tag.
If a user opens a window that has components that are bound to a tag that the user doesn't have clearance to read or write to, the component will get a forbidden overlay.
Tag security in action
See also: Quality Overlays , Permission Properties
Component Security
Each window and component can define its own security settings. These settings determine who can see and/or use the component. To define security for a component, right click on it and choose Component Security. Here you can choose to implement a security policy different than that of your parent.
In the Client, if the user does not match the role filter that you define, the component will be disabled or hidden and disabled. If a user with higher privileges logs in, the component will be useable again.
If you choose to disable a component, make sure that it is a component that actually does something different when it is disabled. For example, buttons and input boxes can't be used when they are disabled, but disabling a label has no effect.
Securing event handlers
Event handlers often execute logic that must be secured. The various script builders all have special security qualifiers that can be enabled. These qualifiers get translated into the generated script by accessing the user's current roles via scripting.
Example
if 'Administrator' in system.security.getRoles():productCode = event.source.productCodeqty = event.source.parent.getComponent("QuantityBox").intValuequery = "UPDATE my_secure_table SET quantity=? WHERE product=?"system.db.runPrepUpdate(query, [qty, productCode])else:system.gui.errorBox('Insufficient security privileges.')See also: Script Builders , system.security.getRoles