About Proficy Authentication Groups

A Proficy Authentication group is created for a specific type of users who will likely perform the same type of activities.

If you have groups in a remote Proficy Authentication service, you can use them with Historian using the Proficy Authentication LDAP Integration tool. This section describes how to map the groups in the remote Proficy Authentication service with Historian counterparts. By default, Historian contains the following Proficy Authentication groups:
  • historian_visualization.admin: Provides access to Trend Client and the Web Admin console.
  • historian_visualization.user: Allows access to Trend Client.
  • historian_rest_api.read: Provides read access to public REST API.
  • historian_rest_api.write: Provides write access to public REST API.
  • historian_rest_api.admin: Provides read/write access to public REST API.
  • historian_enterprise.admin: Provides read/write access to Configuration Hub APIs.
  • historian_enterprise.user: Provides access to view Configuration Hub APIs.
  • ih_archive_admins: Provides the ability to create, modify, and remove archives.
  • ih_audited_writers: Allows data writes and to produce a message each time a data value is added or changed.
  • ih_collector_admins: Allows the ability to add collector instances and change their destination.
  • ih_readers: Provides access to the ability to read data and system statistics. Also allowed access to Historian Administrator.
  • ih_security_admins: Provides access to Historian power security users. Security administrators have rights to all Historian functions.
  • ih_tag_admins: Provides access to allow the ability to create, modify, and remove tags. Tag-level security can override rights given to other Historian security groups. Tag admins can also browse collectors.
  • ih_unaudited_logins: Allow connenctions to the Data Archiver without creating login successful audit messages.
  • ih_unaudited_writers: Provides the ability to write data without creating any messages. Tag, archive, and collector changes log messages regardless of whether the user is a member of the ih_audited_writers group.
  • ih_readers: Allows the ability to read data and system statistics. Also allowed access to Historian Administrator.
Note: Instead of mapping the groups, you can choose to map individual users with Historian users. For instructions, refer to Managing Proficy Authentication Users Using the Configuration Tool.

Workflow

  1. Provide the details of the remote Proficy Authentication service while installing Web-based Clients.
  2. Connect to the remote Proficy Authentication service.
  3. Map the Proficy Authentication groups with that of the Historian Proficy Authentication instance. You can map the groups in LDAP and LDAPS (LDAP via SSL) as well.