Web Page Security with Duet Firmware

dchristo

I have a NI-700 with duet firmware 3.12.335. I've noticed when using the web configuration pages that even with "configuration" security enabled on the master (but without http security), any user can access the Diagnostics page and the Control/Emulate page without needing a password. Is this the way the security is intended to work? Even with http security enabled, a user that logs in will have access to the two pages above, which could prove to be dangerous. I would expect that without configuration rights a user should not be able to Control or Emulate a device, or turn on Device notifications. I'd like to have users be able to access to G3 and G4 webcontrol devices, but not be able to adjust the master.

Any thoughts?

--D

DHawthorne

dchristo wrote:

I have a NI-700 with duet firmware 3.12.335. I've noticed when using the web configuration pages that even with "configuration" security enabled on the master (but without http security), any user can access the Diagnostics page and the Control/Emulate page without needing a password. Is this the way the security is intended to work? Even with http security enabled, a user that logs in will have access to the two pages above, which could prove to be dangerous. I would expect that without configuration rights a user should not be able to Control or Emulate a device, or turn on Device notifications. I'd like to have users be able to access to G3 and G4 webcontrol devices, but not be able to adjust the master.

Any thoughts?

--D

There's a seperate checkbox for configuration in the security setup on the user level. Unfortunately, I have to run out fairly quick this morning, so I can't play around with it myself; I may get a chance later.

dchristo

I just got a note from Tech Support confirming this as an issue, and that it should be addressed in the next version of firmware.

--D