Security in Scripting

Securing Event Handlers

You can enforce security in an event script with the system.security.getRoles() function, which can be used in any script in Ignition that runs in a Client.
To ensure the person invoking the script has sufficient privileges, use the following code:

if u'Administrator' in system.security.getRoles():
    # This part of the script will run if the user has the correct privileges. For example:
    print "this script will run if the user has the administrator role."
else:
    # The user lacks the required role, so show an error instead of running the logic.
    system.gui.errorBox('Insufficient security privileges.')

If the person does not have sufficient privileges, the script will show an error box. The script can be embedded into any event handler.

Securing event handlers

Event handlers often execute logic that must be secured. The various script builders all have special security qualifiers that can be enabled. These qualifiers get translated into the generated script by accessing the user's current roles via scripting.

Example

if 'Administrator' in system.security.getRoles():
    productCode = event.source.productCode
    qty = event.source.parent.getComponent("QuantityBox").intValue
    query = "UPDATE my_secure_table SET quantity=? WHERE product=?"
    system.db.runPrepUpdate(query, [qty, productCode])
else:
    system.gui.errorBox('Insufficient security privileges.')

See also: Script Builders, system.security.getRoles


Setting the Client to Read-Only

There are times when it is best to open a Client in read-only mode to eliminate the possibility that the Client will affect a device or database. An easy way to accomplish this is to set the Client mode to read-only in the Client event Startup script using system.util.setConnectionMode(). Similar to the buttons in the Designer, this function can set the Disconnected, Read Only, and Read/Write modes. It can be called in any Client-scoped script, but is most commonly used in the Startup script.

To set the Client to be Read-Only

  1. From the Designer, go to Project Browser > Scripts > Client Event Scripts.
    The Client Event Scripts window is displayed.

  2. In the Startup script, enter this code: system.util.setConnectionMode(2), where 2 means read-only.

  3. Click OK.
    The start-up script will run the next time a user logs into the Client, resulting in the Client being read-only.

Alternatively, to prevent a Client from logging in, use the following script:

system.security.logout()
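
The role check and the two startup-script calls above can be combined into a single startup policy that fails closed. This is an added example, not code from the original page or from Inductive Automation; the 'Operator' role and the function names are assumptions, and the value 3 for Read/Write mode comes from the system.util.setConnectionMode documentation rather than from this page.

```python
# Added example. Role names other than 'Administrator' are hypothetical.
READ_ONLY = 2     # "2 means read-only" (from the page)
READ_WRITE = 3    # Read/Write mode of system.util.setConnectionMode

WRITE_ROLES = frozenset(['Administrator'])   # may change devices and databases
VIEW_ROLES = frozenset(['Operator'])         # hypothetical role: may only view


def decide_startup_action(roles):
    """Return READ_WRITE, READ_ONLY, or None (None means: log the user out)."""
    held = set(roles or ())
    if held & WRITE_ROLES:
        return READ_WRITE
    if held & VIEW_ROLES:
        return READ_ONLY
    return None


def apply_startup_policy(get_roles, set_mode, logout):
    """Apply the policy through injected callables so it can be tested
    outside a Client. Returns the action that was taken."""
    # Drop to read-only first, so a failure below never leaves the Client writable.
    set_mode(READ_ONLY)
    try:
        action = decide_startup_action(get_roles())
    except Exception:
        action = READ_ONLY        # role lookup failed: stay read-only
    if action is None:
        logout()                  # no recognised role: do not keep the session
    elif action == READ_WRITE:
        set_mode(READ_WRITE)      # only write roles leave read-only mode
    return action


# In the Client Startup script the call would be:
# apply_startup_policy(system.security.getRoles,
#                      system.util.setConnectionMode,
#                      system.security.logout)
```

Because the Ignition functions are passed in as arguments, the same policy can be exercised with stand-in callables before it is deployed to a Client.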