Configure Security

Security can be implemented to restrict modifying configuration parameters and limit real-time and historical data access.

Watch the following video or follow the basic steps below to learn how to set up security for OPC Systems.NET.

https://www.opcsystems.com/security_video.htm

For a complete list of all Security properties refer to the OPC Systems Configuration-Security section in this help file.

Step

Task

1

Start Configure OPC Systems application.

2

Select Configure-Security.

3

Select the Local OPC Systems Service by selecting the Select button or the Local node in the service tree to the left.

4

The Default Security Group contains the default security settings that apply when a remote client application is connected to the service but is not logged in.

The Enable All Features selection will enable all features for security access.

You can add multiple Security Groups, each one having its own security settings.

You then define Security Users with Configure-Users to assign a Security Group to a User. You cannot assign the Default Security Group to a User.

5

The Common properties are general features, common to the entire OPC Systems Service, that can be restricted.

The Tags properties are the different types of methods that can be performed on the real-time Tag database.

The Read Tags properties provide the feature to disable or enable real-time data access to Tags. You can either Disable All Tags From Reading and then Enable specific Tags, or leave all Tags enabled for reading and Disable only specific Tags.

The Read Tags properties affect real-time data access from HMI controls like OPC WPFHMI.NET, OPC Windows.NET and OPC Web HMI.NET, but also restrict real-time Trending and Data Logging.

The Write Tags properties limit client applications from writing to Tags.

The Trends properties are for a few specific name retrieval functions.

The Trend RealTime properties help to limit access for real-time trending.

The Trend History properties allow restriction of history replay from clients.

The Data Log properties restrict access to and modification of the data logging configuration parameters. To limit the actual data being logged, use the Read Tags properties.

The Alarms properties restrict retrieval of the Alarm Group Names defined in the Service.

The Alarm Ack properties limit the ability to acknowledge alarms based on alarm priority and Alarm Groups.

The Alarm RealTime properties limit the ability to access the current alarms based on alarm priority and Alarm Groups. This also restricts Alarm Logging.

The Alarm History properties limit the ability to access historical alarms from a database based on alarm priority and Alarm Groups.

The Alarm Log properties restrict access to and modification of the alarm logging configuration parameters. To limit the actual alarms being logged, use the Alarm RealTime properties.

The Alarm Notification properties restrict access to and modification of the alarm notification configuration parameters.

The Reports properties restrict access to and modification of the report configuration parameters.

The Recipes properties restrict access to and modification of the recipe configuration parameters.

The Security properties restrict access to and modification of the security configuration parameters.

Warning: Make certain to first add a Security Group that allows access and modification of the security configuration, and add a User assigned to the new Security Group, before disabling access and modification of Security in the Default Group.

The Options 1, 2, and 3 properties limit access to the parameters found under Configure-Options.

 

6

Once you have defined a new Security Group, select Configure-Users to define User Names, Passwords, and the Security Group assigned to each user.

7

In order to save your Security and User configuration select the Save button on the toolbar at the top and use your desired file name.

Set the Default Security Configuration to load under Configure-Options.

8

Under Configure-Options, note the following two properties.

Security User Name for Service

Security Password for Service

These properties will allow the OPC Systems Service to run under this defined user account to give remote client access privileges for Read Tags for Calculations and Data Logging, and for Realtime Alarms for Alarm Logging.  This is important if the remote OPC Systems Services have Security restrictions for these features.

9

Refer to the VB.NET Example for how to programmatically log in to multiple client components in a Visual Studio Application. You can also use the LogIn icon on the Trend and Alarm Controls individually. This code is in the FormMain code of the VB.NET Example.

The OPC Controls.NET LogIn and LogOff methods are found in the OPCControlsLogIn control, which controls user access for all OPC Controls components used in a Visual Studio application. The ShowUserLogIn method displays a Log In dialog for security access log in. You can also obtain the Current User with the CurrentUser function.

The OPC Trend.NET component has LogIn and LogOff methods for programmatic use, and also a LogIn icon that can be displayed on the toolbar.

The OPC Alarm.NET component has LogIn and LogOff methods for programmatic use, and also a LogIn icon that can be displayed on the toolbar.

The OPC Web HMI.NET OPCWebRefresh contains the LogIn and LogOff methods for controlling user access for a specific web page.

The OPC Web Trend control has LogIn and LogOff methods.

The OPC Web Alarm control has LogIn and LogOff methods.

The OPC Systems Component used for programmatic interface of all configurations has LogIn and LogOff methods.

10

The Configure OPC Systems application has a Log In selection on the main menu in order to grant access privileges to a service with security protection.  It is important to know that features like CSV Import and Export may be restricted based on the security policy of the OPC Systems Service it is connected to.
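
The following Python sketch is an added example, not code from OPC Systems.NET or its VB.NET Example. It models the group rules described in steps 4 and 5 (the Default Security Group applying to clients that are not logged in, the two Read Tags modes, and the lockout the Warning describes) so a planned configuration can be checked before it is saved; the class, field, tag and user names are hypothetical.

```python
from dataclasses import dataclass, field

DEFAULT = "Default"  # stands in for the Default Security Group

@dataclass
class Group:
    """Hypothetical model of a Security Group; field names are not the product's."""
    security_access: bool = True     # may access/modify the Security configuration
    disable_all_reads: bool = False  # "Disable All Tags From Reading"
    enabled_tags: set = field(default_factory=set)   # exceptions when all disabled
    disabled_tags: set = field(default_factory=set)  # exceptions when all enabled

    def can_read(self, tag):
        if self.disable_all_reads:
            return tag in self.enabled_tags
        return tag not in self.disabled_tags

def effective_group(groups, users, user=None):
    """A client that is not logged in falls back to the Default group."""
    return groups.get(users.get(user), groups[DEFAULT])

def audit(groups, users):
    """Return findings to resolve before saving the configuration."""
    findings = []
    for name, grp in users.items():
        if grp == DEFAULT:
            findings.append(f"user {name!r}: Default group cannot be assigned")
        elif grp not in groups:
            findings.append(f"user {name!r}: unknown group {grp!r}")
    admins = [u for u, g in users.items()
              if g != DEFAULT and g in groups and groups[g].security_access]
    if not groups[DEFAULT].security_access and not admins:
        findings.append("lockout: no user can modify Security once the "
                        "Default group loses that right")
    return findings

# Constructed sample configuration (tag and user names are made up).
GROUPS = {
    DEFAULT: Group(security_access=False, disable_all_reads=True,
                   enabled_tags={"Pump1.Status"}),
    "Operators": Group(security_access=False, disabled_tags={"Recipe.Setpoint"}),
}
USERS = {"alice": "Operators"}

if __name__ == "__main__":
    print(audit(GROUPS, USERS))
    fixed = {**GROUPS, "Admins": Group()}
    print(audit(fixed, {**USERS, "root": "Admins"}))
```

The sample configuration reproduces the situation the Warning describes: Security is disabled in the Default group before any user belongs to a group that can still modify it.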

 

More:

Security Groups and Users CSV Export and Import

Security and Users Programmatic Interface