Contents
Cirrus Link Resources
Cirrus Link Website
Contact Us (Sales/Support)
Forum
Cirrus Link Modules Docs for Ignition 7.9.x
Inductive Resources
Ignition User Manual
Knowledge Base Articles
Inductive University
Forum
Page History
Abstract
MQTT Security Context allows secure command writes through MQTT Engine to MQTT Transmission by using custom tag permissions to authorize a tag write based on user.
...
Tags must have write permission enabled. Tag write permissions can applied to the entire tag provider or on individual tags to guarantee the write security.
These tag writes can also be configured to create an entry in the Ignition Audit Log
| Note |
|---|
| To use this feature you must be using MQTT Engine and MQTT Transmission modules 4.0.10 or greater and Ignition 8.1.11 or greater |
Central Gateway Configuration
MQTT Engine
In the Ignition Gateway web UI, navigate to the MQTT Engine Settings in the left side bar. From the Main tab, set the following elements in the Command Settings section.
...
| Note |
|---|
| Block Node Commands and/or Block Devices Commands must be de-selected for the Include Security Context feature to be enabled |
Edge Device Configuration
MQTT Transmission
In the Ignition Gateway web UI, navigate to the MQTT Transmission Settings in the left side bar. From the Transmitters tab, for each transmitter set the following elements in the Command Settings section.
...
| Note |
|---|
| Block Commands must be de-selected for the Validate Security Context feature to be enabled |
Creating an Audit Log Record
Tag writes using the security context can be configured to create an Ignition audit log record following the steps below:
- Create a Database Audit Profile
- On the MQTT Transmission General tab, set the Audit Profile to your database audit profile
Use any of the standard Ignition ways to view the the Audit Log System. Th image below shows the records through the Database Query Browser and the fields are populated as:
| Name | Description of value |
|---|---|
| EVENT_TIMESTAMP | The timestamp that the tag write using the security context was performed in the format YYYY-MM-DD HH:MM:SS:mmm |
| ACTOR | Currently not used - set as "unknown" |
| ACTOR_HOST | The originating host system gateway name |
| ACTION | Set as "tag write" |
| ACTION_TARGET | The tag path for the tag that is being written to |
| ACTION_VALUE | The Qualified Value (value, quality, timestamp) for the tag write |
| STATUS_CODE | Currently not used - set as "0" |
| ORIGINATING_SYSTEM | The system generating the audit record - set as "MQTT Transmission:DCMD Write" |
| ORIGINATING_CONTEXT | Currently not used - set as "0" |
| Excerpt Include | ||||||
|---|---|---|---|---|---|---|
|
...
Overview
Content Tools