Security in Scripting
While the Vision system has many options for securing individual components and clients, it is possible to have requirements that go further than the options that are available. With scripting, you can create any type of security that you may need. This is mainly done through the use of the system.security.getRoles function, as well as the other system.security functions. The getRoles function gets a list of the users roles, which you can check for specific roles within your script. You can then write code for what would happen if the user has the role and if they don't have the role.
Additionally, while the typical security set up only requires the user to have one of the required roles, in scripting you can ensure that the user has any combination of roles.
Securing Event Handlers​
Security can be added to any of the event handlers in Ignition. This works on both components as well as on event handlers within the Scripting window. While the typical security settings for a window only give you the option of not opening it if the user does not meet the required roles, you can instead do something else like opening a different window.
Script Builder Security Example​
Each one of the script builders also has the ability to add security to them. The following is an example of setting up security on a Button component.
Drag a Button component onto a window.
Right click on the component, and choose Scripting.
Under the Navigation tab, click the Open/Swap radio button.
From the Window dropdown list, choose a window for this navigation.
Click the Security button in the Action Qualifiers section. Click the Required Roles checkbox.
Select the roles that are required for this navigation. Click Close.
Next, click on the Script Editor tab. You'll see the script that is generated by the options you chose in the Navigation tab.
Click OK to save the scripting. Now you've added security to the Button component.
Security in Client Event Scripts​
The Client Event Scripts can also be used to set up security within the project. While any of the Client Events can be used for different security purposes, the most common is the Startup Script. This allows you to create a customized, secure environment right as the Client is started. A Script here can do certain things based on the roles of the user such as open certain windows, write to client Tags to enable or disable certain things within a project, or even retarget to an entirely new project.
Setting Client to Read Only​
There are times when it is best to open a Client in a Read-Only mode to eliminate the possibility that a Client will affect a device or database. The Client event startup script that sets the Client mode to Read-Only is an easy way to accomplish this. Similar to the buttons in the Designer, this function can be used to set Disconnected, Read-Only, and Read/Write modes in any script in Ignition that runs in a Client. This function can be called in any Client scoped script, but is most commonly used in the Startup script.
This example creates a Client event script that sets the Connection Mode to Read-Only.
From the Designer, go to Project Browser > Client Event Scripts. The Client Event Scripts window is displayed.
In the Startup script area, enter the following:
system.util.setConnectionMode(2)where 2 means Read-Only.
Click OK. The startup script will run the next time a user logs into the Client, resulting in the Client being Read-Only.