07-01-2015 02:26 AM - edited 07-01-2015 02:37 AM
Is there any good solution for user management in labview?
I want to define 3 access level for my program. Level 1 is admin, he can create new users, assign access to indivual controls for that user, he can create configurations and select configuration for a device that is communicated over UDP/IP, Level 2 is user, he can select config, is not allowed to change or create configs, level 3 is observer, he can only observe the system state, he is not allowed to change any configs nor select configs.
I have searched a little in internet, What I found was an "official" solution, that has schocked me. It is using "hard-coded" passwords in Programmcode. It is absolutely NO-GO for my application. All users must be able to change his/her password.
As an alternative I can use windows users/groups as user logins. I have found below topic but it is not working. I get error 1172 always.
https://lavag.org/topic/15260-labview-and-windows-authentication/
BTW: I need local users, not domain users, in case windows authentication.
What is the best solution?
Thanks.
07-01-2015 03:26 AM
As far as I know there is no in-built functionality to do this in LabVIEW so you'll be building a lot of it from scratch. I'm assuming here that your application is running on a single PC.
As a starting point, I'd recommend using something like SQLite to have a small database table of users/passwords/roles. If you need per-user permissions (that overrides their 'level)' - you'll need another table for that.
You'll of course need to investigate the appropriate level of password salting/hashing (you never want to store/transmit the unencrypted password) for your application. The example you found was probably just an example - it wasn't designed to be secure but as a starting point for developing your own system.
There are LabVIEW libraries available for encryption and SQLite.
You'll then need to implement things like:
- UI for creating/modifying users
- Logging in/out
- Allowing a user to change their password
- Checking whether the user can perform the requested action
07-01-2015 03:42 AM
Thanks for reply.
Second question:
In Labview->Tools->Security there is a Domain Account Manager. It is exactly thing what I need, I can create groups, and restrict access to controls and indicators, but a college has changed the Administrator password and he can not remember it :). How can we reset this password? There is no "Forgot password" option.
07-01-2015 04:00 AM
Oh wow...you learn something new every day - I can't say I knew that the 'NI Security' existed! Looks like there are some VI Server methods for logging in/out and getting access rights which is pretty cool and does quite a lot of the legwork for you. I'm not sure how widely used it is though?
As for resetting the password - you might need to take it up with NI to see if they can tell you if/how it is possible to reset the password and/or delete the file/database which stores the information.
Perhaps you could create a new NI Domain for your needs?
07-01-2015 09:26 AM
My first thought when reading your subject was that "You don't get down from an elephant, you get down from a goose."
I think that TestStand is the best solution; it's got that stuff built-in.
07-01-2015 09:56 AM
We found the pasword and we can use NI security login screen and all stuff in Domain Account Manager. It is the exactly one that I was searching for. I can create groups and assign access level for each individual controls and indicators in Front Panel (Front Panel Security). It is also possible programmatically login, logout, list users, list groups etc. All things are in DSC Module Palette.