Check mappView's client user role with visualization session login (using MpUserX widgets)

In more than one occasion I have been asked how to check the role of the user connected to a specific hardware (for example, the main HMI screen from a machine).

Knowing that, it would be possible to restrict certain actions (pressing a button or enabling certain machine module) that maybe should be restricted only to a user with enough permissions logged in from a specific screen.

To do that, in the past I used the following workaround.

First, you extract the information from the connected clients thanks to an existing session variable (AS Help). You will have to add the corresponding list binding mentioned in the help (which is not included in the software package attached to this topic).

After that, I filter out the user name depending on the IP of the screen were it should be connected (just in case multiple clients are connected to the mappView visu at the same time).

To make this piece of code work, you will have to define the following variables accordingly to your case.

• MAX_ROLE_NUM : Total number of existing roles.
• MAX_MV_CLIENTS_MINUS_ONE : Total number of clients (minus one) defined in the mappView configuration.
• MAIN_HMI_IP_ADDRESS : IP address of the mappView client where the role of the connected user will be checked.
• UserRoleList : Array containing the names of all the existing roles.

Limitations from this solution:

• The list of roles is not automatically updated in case an additional role is added to the project. In that case, the previously mentioned parameters must be adapted accordingly.
• It is considered that each user can only have a single role. In case there is more than one role assigned to a user, the first one appearing on the list (UserRoleList) will be used.

image885×243 59.1 KB

Be aware that in order to be able to read the information regarding the connected clients we need to give write permission for the variable “ClientInfo” with all the available roles.

image703×192 56.5 KB

From that point, you can check that this is working by performing a login with some user and checking its role by setting the command “CmdCheckRole”.

In case someone is interested I leave the software package here.

mVHmiRole.zip (3.1 KB)

Cheers!

Hi,Roger
Do you think your solution is similar to my question, and can you provide a solution based on your case?
client info

Hello,

Well, not really. As I understood you were asking how to force a disconnection from a specific mappView client.

In my case, having the information of all the connected clients I am checking which one of them is connected to a specific HMI (based on the IP address) to check its role.

When you are operating directly from the HMI, the user permissions are already checked because mappView natively uses OpcUa.

However, if some action is triggered by a physical button connected to a digital input (for example) the OpcUa permissions are not necessarily checked by the ST program that uses it. This solution serves as a workaround for that type of situations were you might want to check the role of a user before allowing it to perform certain actions that are not triggered from the HMI.

Got it,thank you Roger.