Recipe Security

Recipe Value Security

Security of who can modify recipe values can be set up by right-clicking on the recipe value of the Default items in the Recipe Editor and selecting Security. The recipe value security uses Ignition's authentication roles to limit who can change what recipe values and by how much. Each recipe value can be set to specific security settings or it can inherit from its parent. Like other recipes value settings, the security settings can propagate down multiple levels of inheritance.

The only place the recipe value security can be changed is by using the Recipe Editor component or through scripting, and it can only be changed in the default values area, not in the actual recipes.

These security settings work in the Client environment, but may have reduced functionality in Ignition Designer. Functionality should be tested and verified while in the Client environment.

Watch the Video

Recipe Editor – Default Values and Security

The Security Mode drop-down list provides several options for enabling or inheriting security mode:

Inherited - This behaves the same way as if the old checkbox was True. Security properties will be copied from the most immediate parent with security information. If a parent does not exist, or all parents are in Inherited mode, then the Setpoint 's security will be treated as if it was disabled. This is the Default setting for all newly created setpoints.
Enabled - This behaves the same way as if the old checkbox was False. This unlocks the Role allowances, allowing the operator to set value limitations for certain roles (or deny permission altogether).
Disabled - This is a new feature. The Recipe Value is always editable by all people. The Roles and allowances may be set, but they will not take affect.

The recipe value security is verified when changing values using the recipe editor component, importing recipes or changing values using script.

The Edit Allowance drop-down can be used to quickly select or deselect all Allow Edit rows.

Security Mode drop-down

Edit Allowance drop-down

When changing a recipe value using the Recipe Editor component, importing recipe values or from client script, the authentication role applied comes from the roles the currently logged in user belongs to. If the user belongs to multiple roles then the role with the least security will be applied. For example, if a user belongs to both the Operator and Maintenance authentication roles, then the least secure one will be applied. If the Operator role can change the Product Pressure recipe value from 10 to 15 and the Maintenance role can change it from 5 to 20, then the Maintenance role will apply.

When changing a recipe value from gateway script, the Administrator authentication role is always applied. Whether or not the logged in user can change the security settings can be controlled with the Enable Security Editing property of the recipe editor component. This property can be bound to an expression to determine if the currently logged in user belongs to authentication roles that are allow to edit security. Another approach is to create a window that allows the recipe value security editing and restrict opening the windows based on authentication roles the currently logged in user belongs to.

Recipe Security Through Scripting

The list of security roles and the details of individual security roles can be retrieved through scripting. The objects Machine Recipe Value Security Info and Machine Recipe Value Security Role provide functions can be used to change security settings of a recipe item.

def recipeFunction(eqPath):
	print 'Process Recipe Stuff for %s' % eqPath
	linePath = eqPath
  
	# Get a list of all the recipe entries under this path
	recipeVals = system.recipe.getDefaultValues(linePath, "1", "")
	 
	# Cycle through the list
	for ndx in range(recipeVals.size()):
	     
	    # Get the recipe item at this point
	    recipeItem = recipeVals.get(ndx)
	     
	    # Get the name of the item
	    recipeItemName = recipeItem.getName()
	    print recipeItemName
	 
	    # Get the security object for this item
	    secInfo = system.recipe.getRecipeValueSecurity(linePath, recipeItemName, False)
	  
	    #Cycle through and print the setting for each role
	    #for ndx in range(secInfo.getSecurityRoleCount()):
	    #   recSec = secInfo.getSecurityRole(ndx)
	    #   print recSec.getSecurityRole()
	    #   print recSec.isAllowEdit()
	  
	    # Get the security info for a specific role
	    secRole = secInfo.getSecurityRole('Supervisor')
	  
	    # Allow the role to edit
	    secRole.setAllowEdit(True)
	  
	    #This must be set otherwise it will inherit from the parent
	    secInfo.setInherit(False)
	    print secRole.getMinValue()
	    print secRole.getMaxValue()
	  
	    # if you know the datatype or you know the item by name you can set the min and max for the role
	    #if recipeItemName == 'FanSpeed':
	    #   secRole.setMinValue(32.5)
	    #   secRole.setMaxValue(212.0)
	 
	    #Update the security settings
	    system.recipe.updateRecipeValueSecurity(secInfo)
	
def eqTree(UUID):
	obj = system.mes.loadMESObject(UUID)
	recipeFunction(obj.getEquipmentPath())
	if obj.getChildCollection().getList().size() > 0:
		list = obj.getChildCollection().getList()
		for item in list:
			eqTree(item.getMESObjectUUID())

basePath = '[global]\New Enterprise'
obj = system.mes.loadMESObjectByEquipmentPath(basePath)
eqTree(obj.getUUID())

MES Platform 3.0

Business Connector

Sepasoft Resources

Inductive Resources

Help Versions

Recipe Editor Security

Watch the Video

Recipe Editor – Allowing Certain Functions

Recipe Value Security

Watch the Video

Recipe Editor – Default Values and Security

Recipe Security Through Scripting

References