09/14/2023

How to restrict access to ctrlX Data Layer nodes for a specific user

Introduction

In order to create access rights of certain ctrlX Data Layer nodes for specific users, there is a node called scope in "datalayer/security". By configuring this node we can assign special access to the defined users.

Overview ctrlX Data Layer scopes
In this How-to article I will guide you through a step-by-step description of how to configure this feature. Further description is available here. 

Prerequisites

  • ctrlX CORE 
  • ctrlX WORKS to install ctrlX COREvirtual


Configuration

Step 1: Define the scope

Go to the Data Layer and navigate to datalayer/security/scopes and click on Create: 

Navigate to scopes in ctrlX Data Layer
Insert the user-defined scope, t.e.

{
    "identifier": "datalayer.MotionOnly",
     "name": "Motion/Nodes/Only",
     "description": "specific datalayer rights definition -> motion", 
     "permissionsR": ["motion/**"]
}

And click on Create:

Insert the user-defined scope

A scope contains the following permission lists:

  1. permissionR:
    List of addresses that may be accessed for reading, browsing, and reading metadata.
  2. permissionRW:
    List of addresses that may be accessed for reading, writing, browsing, and reading metadata.
  3. permissionX:
    List of addresses that may be accessed for creating, deleting, browsing, and reading metadata.
  4. permissionRWX:
    List of addresses that may be accessed for creating, deleting, reading, writing, browsing, and reading metadata.

An address in one of the lists may contain placeholders:

  • *:
    1. Stands for any node
    2. Can be used as the part between two "/" or at the end
  • **:
    1. Stands for any node trees
    2. Can be used at the end

Examples:

  1. datalayer/nodes:
    Allows to access the node "datalayer/nodes"
  2. motion/**:
    Allows to access all nodes below motion
  3. devices/drives/**:
    Allows to access all nodes below "devices/derives"
  4. motion/axs/*/pos:
    Allows to access all "pos" nodes of all axes

 

Step 2: Change the permissions of a user

To change permission for a specific user go to  "Settings>Users & Permissions>Users" as shown in the picture below and click on the pencil-like icon "edit" for chosen user.

Navigate to change permissions for a user
Now on the newly opened page, navigate to the individual permissions tab and scroll down to "Data Layer scopes" as shown in the picture below.

Set permission

Choose the defined permission and click on save. 

Now from the next login of that user, changes will be applied and it will look something like the below image 🙂 .

View in datalayer after change of permissions are applied


I hope you found this article informative and enjoyable. If you have any questions, comments or encounter any unusual problems with the project, feel free to leave them in the comments section below. I would love to hear from you and continue the conversation. Your feedback is always appreciated! 

Latest published/updated articles

Types
How-to
Categories
Controls