...

MQTT Security Context allows secure command writes from MQTT Engine to MQTT Transmission by using custom tag permissions to authorize each tag write based on the user who issued it.

The primary purpose of this feature is to use Ignition's internal 'Security Context' objects to validate writes to tags from MQTT Engine to MQTT Transmission. Internally, Ignition checks whether a user or application has permission to write to a tag in Ignition. If the user/application is allowed, Ignition permits the write.

However, a user/application having permission to write to the MQTT Engine tag does not necessarily mean that the user has permission to write to the corresponding remote MQTT Transmission tag. Enabling this feature enforces permission validation on the MQTT Transmission side as well. This is done by sending the Security Context object from MQTT Engine to MQTT Transmission, where it is used to validate the user's or application's permissions before the write is applied.

To do this securely, when Ignition Security Context is in use the user's security context is encrypted and included with the write command message published by MQTT Engine. At MQTT Transmission, the security context is decrypted and, if the user is authorized to write to the tag, the write succeeds and the tag change is published. If the user is not authorized to write to the tag, no action is taken.
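The exchange described above, simulated end to end as an added example. This is not Cirrus Link or Ignition code and does not reproduce the real wire format: the shared key, the tag permission table, the `securityContext` field name, and the stdlib-only encrypt-then-MAC construction (HMAC-SHA256 in counter mode plus an HMAC tag, standing in for a real AEAD such as AES-GCM) are all assumptions made so the example runs offline. It also binds the encrypted context to the tag and value being written, an extra hardening step the page does not describe, so a captured context cannot be replayed against a different tag.

```python
import hashlib
import hmac
import json
import os
import struct

# Assumption: MQTT Engine and MQTT Transmission share a secret key. The real
# modules get this from their own configuration; this constructed key only
# lets the example run offline.
SHARED_KEY = hashlib.sha256(b"constructed-shared-secret").digest()

# Constructed stand-in for the custom tag permissions on the Transmission side:
# tag path -> roles allowed to write it.
TAG_WRITE_ROLES = {
    "Edge/Line1/Setpoint": {"Operator"},
    "Edge/Line1/Mode": {"Operator", "Supervisor"},
}


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a stdlib-only stand-in for a stream cipher."""
    blocks, produced, counter = [], 0, 0
    while produced < length:
        block = hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        blocks.append(block)
        produced += len(block)
        counter += 1
    return b"".join(blocks)[:length]


def _subkeys(key):
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def seal(key, plaintext, aad=b""):
    """Encrypt-then-MAC: nonce || ciphertext || tag. The tag also covers aad."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, aad + nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, blob, aad=b""):
    """Verify the tag before decrypting; return None if blob or aad was tampered with."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < 16 + 32:
        return None
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, aad + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def _command_aad(tag_path, value):
    """Binds the context to exactly this tag and value (hardening added here)."""
    return json.dumps({"tag": tag_path, "value": value}, sort_keys=True).encode()


def engine_build_write_command(tag_path, value, user, roles, key=SHARED_KEY):
    """MQTT Engine side: attach the encrypted security context to the write command."""
    context = json.dumps({"user": user, "roles": sorted(roles)}).encode()
    return {
        "tag": tag_path,
        "value": value,
        "securityContext": seal(key, context, _command_aad(tag_path, value)).hex(),
    }


def transmission_handle_write(command, tags, key=SHARED_KEY, permissions=TAG_WRITE_ROLES):
    """MQTT Transmission side: decrypt, authorize, then write. Returns a status string."""
    plaintext = unseal(key, bytes.fromhex(command["securityContext"]),
                       _command_aad(command["tag"], command["value"]))
    if plaintext is None:
        return "rejected"  # forged, tampered, or replayed context: no action
    context = json.loads(plaintext)
    allowed = permissions.get(command["tag"], set())
    if not allowed.intersection(context["roles"]):
        return "denied"  # authentic context but user lacks the tag permission: no action
    tags[command["tag"]] = command["value"]  # write succeeds; tag change would now be published
    return "written"
```

The receiver checks authenticity before authorization: a message whose context fails to decrypt is dropped without consulting the permission table, and an authentic context without the required role produces no write and no published change, matching the "no action taken" behaviour described above.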

...