LabVIEW

Hey,

You mention databases. Have you used databases before? Do you know which management system (if any) you want to use?

How much protection does your collection of access levels need? O mean, a user can edit a csv file outside of labview, for example. Is this is a problem? 

You can consider looking into a simple state machine as a starting point but you'll want to consider the possibility a user could wire constants instead of the designed check to elevate themselves if you don't control that. 

---

Hi,

You mention databases. Have you used databases before? Do you know which management system (if any) you want to use?

I used both Access and My Oracle before, I don't have any access to any of them now, but i can install them easily. I do have a license for Microsoft Access.

How much protection does your collection of access levels need? O mean, a user can edit a csv file outside of labview, for example. Is this is a problem? 

should be very protective. No access out of the LabVIEW. everything should be done within the software itself.

 You can consider looking into a simple state machine as a starting point

I have a good theoretically idea about simple state machine, and i used to solve problems on papers for this topic. never knew it through labview.

want to consider the possibility a user could wire constants instead of the designed check to elevate themselves if you don't control that. 

can you clarify please ?

thanks for your reply.

---

@N.Ghrayeb wrote:

 

should be very protective. No access out of the LabVIEW. everything should be done within the software itself.

 

 You can consider looking into a simple state machine as a starting point

 

I have a good theoretically idea about simple state machine, and i used to solve problems on papers for this topic. never knew it through labview.

 

want to consider the possibility a user could wire constants instead of the designed check to elevate themselves if you don't control that. 

 

can you clarify please ?

---

Regarding the last point, what I meant is if you imagine a simple solution as having either a) some buttons, which when you click, check the value of an enum on a shift register with values like 'admin', 'user-A', 'user-B' and then either take an action or tell the user it is disallowed, or b) you hide buttons that aren't allowed for a user based on the same shift register and enum, then you'd want to take care that someone couldn't open the Block Diagram, and remove the subVI or subVIs that changed the value on the shift register for constant values, such as 'admin', when they did not have the password and so on.

This ties in with your comments on being very protective - I'm not sure what the best way to prevent users from accessing whatever you store your access rights in (for example, the database file). It might be that you could have only a 'LabVIEW' user with access to the database, using the database's access management system (I'm suggesting this because I don't know how to securely control LabVIEW - someone else might have a simpler/better solution) and then have the VI that opens the database connection and 'logs in' to the database lock the block diagram with a password you don't give to (any) users. 

Then, you could just check two strings in the database using this 'secure' connection. Be aware, that it probably isn't actually secure. Something like 'SELECT AccessLevel_ID WHERE UserName = <name> and Password = <password>' seems likely to be attackable from all sorts of directions, and I don't know enough to tell you what to watch out for!

From a LabVIEW point of view, you're wanting to ensure that other users aren't able to just completely bypass your system by giving a false value to things that check it. Hiding the value inside class private data might help with this (since you could leave the data member with no public accessors, and only private access via the authenticated database connection) but I imagine it isn't too hard to take a LabVIEW object, flatten it to string/xml/variant, and then change an integer value or similar. I'm not sure what the most secure way is. If you need something that with withstand more than simple attacks, you'll need to either be or consult with someone knowledgeable about security protocols and proceedures.

---

hey there,

thanks for your reply, I'm going to take everything you mentioned into consideration and give it a go. I'll try to use the Enum procedure to make the user choose between the levels. but I was trying this before few minutes. 

I didn't know how actually I can design it similar to a login details such as (Admin/ xx) - I didn't know how to program it.

what I have now in my block diagram, a System String name comparing with fixed block "admin", if it's equal then will give you an access otherwise wont. 

I know my steps are not the best, but at the end I know that i'll have a good strong VI, when i finish everything in my mind. 

please have a look to what I've done

Thanks again

To be clear, I don't think you should allow any access or choosing of the enum value by the user - this should be something your code decides based on the username, probably.

This was what I thought you had in mind:

This is a completely non-functional VI that just defines an icon and access pane for illustrative purposes. You'd probably also want to consider an input for either a class wire, or a database connection - but be aware that if the database wire is visible on a block diagram, you could add more subVIs to create additional calls into the database (like 'UPDATE Users SET AccessGroup_ID = <admin, top level, etc> WHERE User = <me>' or similar)

---

Hi, 

thanks for the good advice, I haven't had time yesterday to work on this project, but i'll try to process now. 

I'll consider all your tips and i'll keep posting my updates and problems. 

Regards,

Hello  cbutche

I started building each SubVI individually and I started with the Admin page, then i'll go back to give the permission to everyone as it's easier for me to break down every page alone. 

however, through what i'm planning to do, the admin should be able to add, remove and View (history, stations/subVIs, and many details).

I found 2 problems till now. 

when i'm adding the new details/elements to my table. the old ones will be removed automatically. so how can i keep them saved. 

however, after the first iteration or running, the VI stopped then i need to play it again and it'll run normally 😕

second, my stop button won't work, i guess i made a mistake somewhere. 

please check my pictures.

Hey,

So it seems like I missed an update here, and it's been some time - sorry!

How is the project going?

---

Hello mate, 

sorry i was away for the last week or so. 

I changed the plan to be one permission, but with trace-ability to the user himself. 

now I'm working on this idea through tab container, using local variable to specify the user to enter his username and password in case he want to jump from tab to tab.

but i'm still in the process to enhance my VI as much as i can

Cheers mate.