Securing the Database Editor

Because the Database Editor project can execute any arbitrary SQL database query provided by a user, it is important to secure it properly.

I recommend securing it by giving the project the same security role(s) as the Ignition Designer and using good passwords for any user account that has an Ignition Designer security role. Doing this will give the Database Editor the same security as the Designer. Like the Database Editor project, the Designer can also execute any arbitrary SQL query provided by a user.

In the Ignition Gateway Settings webpage you can see the role(s) assigned to the Ignition Designer. Users with these role(s) can log in to the Designer.

Here is what the gateway setting looks like:

Open the Database Editor project in the Ignition Designer and go to Project Properties -> General. Set the Required Client Roles field. In the image below I added the “Administrator” role so that only users that have the “Administrator” role can log in to the Database Editor project.

A modification license is not required to make changes to project properties.

You might want to remove the Database Editor project from the Ignition Gateway homepage so regular users don’t see it. To do this, go to Project Properties -> Launching and check the “Hide From Launch Page” checkbox. Here is an example:

Named Queries

Ignition 7.9.4 will have a new security feature called “Named Queries”. This security feature does not affect or change how to secure the project as given above.
