Project Security in Designer and Gateway

You can place security on Ignition itself. The security placed on Ignition Gateway Configure page, affects how people can login to the Configure page, Designer, Home page, and Status page.

Controlling who Logs into a Project

You can control who gets to login to a project by assigning roles and giving permissions to those roles in the Required Designer Roles property which you set up in the Designer.

To access the Required Designer Roles property

  1. In the Designer, choose Project > Properties.
    The Project Properties window is displayed.

  2. Go to Project / Permissions page.
    In the text boxes on this page, enter a comma-separated list of role names that are required to access the project. If a user doesn't have the required role for any actions such as View, Save, or Delete, they cannot perform those actions in the project.

    images/download/attachments/1704460/Permission.jpg

Ignition and Security

Ignition uses what's known as role-based security. Logging in to the Gateway, logging in to a project, access to windows in a project, any type of security configuration relies on users and their associated roles. Users and all their associated roles are stored in user sources that you configure in the Ignition Gateway. See the Security in Ignition section for a quick explanation of how security in Ignition works.

After finishing the initial installation of Ignition a default user source is set up automatically for you to use. It is an internal profile that cannot be deleted but can be modified to include more users and roles.

The default user source

You can manage the default user source by navigating to the Configure > Security > Users, Roles section of the Gateway. The manage users link will allow you to add new users, modify roles and passwords for existing users, remove users, and add/remove roles from the user
source. Choosing to edit a user will bring you to the following page allowing you to make any necessary changes to that user.

images/download/attachments/1704460/Config_Security_Authenication_image.png

Types of user sources

Internal user source - This is a simple to setup, internally managed user source. All information in this type of profile is stored in the internal database used by Ignition. These types of profiles can only be managed from the Ignition Gateway, so they are not ideal for situations where you wish to create an user source that is modifiable at project runtime.

Database user source - All roles, users, and passwords are stored in a database that you specify. Managing users is done via direct interaction with the database so this kind of profile is best suited for managing users and roles during your project at runtime.

Active Directory user source - Roles and users are managed by Active Directory.

AD/Internal user source - Users managed by Active Directory and roles stored internally.

AD/Database user source - Users managed by Active Directory and roles stored in an external

In this section ...