You can help by commenting or suggesting your edit directly into the transcript. We'll review any changes before posting them. All comments are completely anonymous. For any comments that need a reply, consider emailing training@inductiveautomation.com.
Version:
LESSON LIST
-
2:18Requiring SSL
-
1:32Changing admin Password
-
2:34Role-based Access
-
4:13Internal Authentication
-
5:44Database Authentication
-
2:33AD Database Hybrid
-
1:39AD Internal Hybrid
-
1:27Verifying an Authentication Profile
-
2:13Locking the Gateway
Take Topic Challenge
LESSON
Database Authentication
Description
Add an additional authentication profile to store user information using an existing database connection. This video includes information about the automatically created database tables, as well as what to do when making your own.
Video recorded using: Ignition 7.9
Transcript
(open in window)[00:00] A user source that uses database authentication allows you to store user information in an external database, instead of internally within Ignition. A benefit of using database authentication is that you can connect multiple Ignition gateways to the same database, and use the same user source information across all of the different gateways. Let's take a look at how a database authentication user source works. We start in the configure section of the gateway webpage in the users and roles section under Security. Here you should see a list of your already configured user sources. We want to go ahead and click on the link Create new User Source, and in the list of possible user sources, we want to select the database option. Once that's selected, you can go and scroll down and click the Next button to begin configuring our user source. We can first give it a name, I'm just going to leave mine at NewProfile, and then we can take a look at some of the other properties listed here. Some of them may seem familiar, while some of them are completely unique to the database user source. For example, here we can select to make this user source schedule restricted, we can setup a failover user source, and we can set the failover mode, just like we can with other user sources. We scroll down a little further, we can see some new properties. Here under main properties, we have the database property. This allows us to choose a database connection that we want to store this user source in. You can choose any one of your configured data sources, but since I only have one, I'm going to leave it at that. Next we need to choose the mode, either automatic or manual. This property is very important, because it will determine how your user source works. In automatic mode, the tables are automatically created for you and all interaction with the database is handled automatically. All relevant tables that get created for this user source will have a prefix that you can set right here, under the automatic mode properties. To make it unique, I can change this to whatever I want. Such as dbusersource, with an underscore. So, if I were to create my user source now, it would start with the prefix dbusersource, and then it would have an underscore, and then it would have the rest of the name of the table. If, however, you were to set the mode to manual, then you would need to manually create not only the queries, but the tables that the user source is going to use in the database. For the tables, you should probably go into your database manager and set them up there. But for the queries, you can set them right here in the manual mode properties down below. Each one of these properties takes a single query that has a very specific function. In addition, most of the properties have example queries that you can use if needed. Manual mode allows you to really fine tune how your user source works. Since I'm leaving mine at automatic, I can just leave all of these blank and click the Create New User Source button down at the bottom of the page. We can now see my new user source on the list, and it has a type of database. If I go over to the right here and click on the More button and go to manage users, you'll notice that not only are there no users listed here, but there's also no roles. Now even though all of this user source data is stored in the database, I can still manage it from here in my Ignition gateway. For example, I can click the Add Role link to add a role, and then give my role a name, such as User. When I click the Add Role button at the bottom of the page, you'll see it successfully added the User role. Likewise, I can go back to the Users tab and click the Add User link to add a user. I'll give my user a username of Joe, and a password. And I can even give him the role that I just created of User. Once I have that done, I can click the Add User button down at the bottom of the screen. You can see I now have my user Joe in here, and he has a role of User. Now if I were to switch over to a Designer here, go into the Tools menu and open the database query browser, we can see that I now have some new tables in my database that start with the prefix dbusersource. These tables are all being used by the new user source that I just setup. If I take a look inside the roles table, you can see I have my one role that I setup of User. If I switch over to my users table, I can instead see the user that I setup, Joe, his hashed password, as well as things like first and last name, and the schedule that I may have set for him. All of that is located here in the users table. Then you may have noticed that Joe here doesn't have any roles listed. This is because the user-specific roles are setup in a separate role mapping table. You'll notice Joe has an ID of one, and my users role had an ID of one as well. If I go down to my list of tables and look in the user_rl table, you can see we have one entry, a user ID of one, that corresponds to a role ID of one. Our user one is Joe and our role one is User, so this let's us know that Joe has a role of User. To learn more about the rest of the tables used in the database user source, you can check out our user manual, where you can find out how they work and interact with each other.