Implementing Tag Level Security

About this task

In addition to defining the iH Tag Admins who have the power to create, modify, and remove tags, you can also define individual tag level security to protect sensitive tags.

Set tag level security in the Historian Administrator. You do not need to use the Historian Security Groups for this security setting. You can use a Windows pre-defined group (power users, for example) or create your own separate group specifically for this function. For more information on creating and adding groups, refer to Setting Up Historian Security Groups.

Users must have iH Security Admins rights to set individual tag level security, browse, or query tags in the Historian Administrator.

Note: Tag security is not enforced in the Trend Client when it comes to browsing the full list of tags. Security, however, is enforced when it comes to trending data for tags for which you have permission. For example, if you are logged into the Trend Client as a user that is a member of the User Group assigned to a tag's security Read Group, you will still be able to browse all Historian tags. However, you are only allowed to trend the tags for which the user is a member of the User Group assigned to the tag's security Read Group,

Procedure

  1. Open the Historian Administrator.
  2. Click the Tags link.
    The Tag Maintenance screen appears.
  3. Select a tag (or group of tags) from the Tag Name section of the Tag Maintenance screen.
  4. Click on the Advanced tab to display the advanced tag options.
  5. In the Read Group, Write Group, or Administer Group field, select the security group that you wish to assign to the tag from the drop-down list.
    The drop-down list automatically lists all security groups that are defined in your Windows security environment.

    For example, if an iH Security Admins user selects a tag and chooses power users from the Read Group drop-down list, in addition to members of the iH Security Admins group, only a member of the power users group will be able to read data for that tag. Even a member of the iH Readers group will not be able to access data for that tag, unless they are also defined as a member of the power users group.