Default Security Groups

This topic provides a list of the default security groups created in Historian, along with the default user, ihCloudHistAdmin, for the ih_security_admins group. The password for this user is the one you enter in the UAA Configuration field while deploying Proficy Historian for AWS.

ih_security_admins: Historian power security users. Security administrators have rights to all Historian functions. By default, a user named ihCloudHistAdmin is added in this group.

ih_collector_admins: Allowed to add collector instances and change their destination.
ih_tag_admins: Allowed to create, modify, and remove tags. Tag-level security can override rights given to other Historian security groups. Tag admins can also browse collectors.
ih_archive_admins: Allowed to create, modify, and remove archives.
ih_unaudited_writers: Allowed to write data without creating any messages.
ih_unaudited_logins: Allowed to connect to Data Archiver without creating login successful audit messages.
ih_audited_writers: Allowed to write data and to produce a message each time a data value is added or changed.
Tag, archive, and collector changes log messages regardless of whether the user is a member of the ih_audited_writers group.
ih_readers: Allowed to read data and system statistics. Also allowed access to Historian Administrator.

The following table provides the types of user groups you must create based on your requirement.


Function	iH Security Admins	iH UnAudited Writers	iH UnAudited Login	iH Audited Writers	iH Readers	iH Archive Admins	iH Tag Admins	iH Collector Admins
Manage tags	X						X
Create archive	X					X
Read data	X				X
Write data (unaudited)	X	X	X
Write data (audited)	X			X
Modify data	X	X	X	X
Update tag security	X
Migrate	X
Login connection messages	X	X		X	X	X	X	X
Recalculate data	X		X	X				X

Note: Regardless of the security group to which a user belongs, the user has full privileges to the Web Admin console.

For instructions on creating and managing users, refer to Managing Users and Groups.