Security Setup Example

About this task

The following example takes you through the process of establishing your security needs and defining and setting up the levels of security.

For this example, assume the following user needs in a plant of 14 users:
User: USER1
Needs:
  • Power user. Needs total access to security.
Added to Security Group:
  • iH Security Admins

Users: USER2, USER3, USER5, USER6, USER8
Needs:
  • Read/Write Data (no messages).
  • Create, modify, and delete tags.
  • Backup, restore, and create archives.
  • Connect to Data Archiver without creating login successful audit messages.
Added to Security Group:
  • iH UnAudited Writers
  • iH Tag Admins
  • iH Archive Admins
  • iH UnAudited Logins

Users: USER4, USER7
Needs:
  • Read/Write Data (no messages).
  • Create, modify, and delete tags.
  • Start/Stop Collectors.
  • Backup, restore, and create archives.
Added to Security Group:
  • iH UnAudited Writers
  • iH Tag Admins
  • iH Collector Admins
  • iH Archive Admins

Users: USER9-14
Needs:
  • Read Data.
Added to Security Group:
  • iH Readers

Procedure

  1. Establish the needs of your users. For this example, assume the user needs in a plant of 14 users, as described in the previous table.
  2. Add and define the iH Security Admins Group.
    Once you determine that you want to establish a security structure, you must create and define the iH Security Admins group. This group of users is typically the "power users" of the Historian. Security Administrator rights allow them to manage configuration and give them free rein to the entire system. For this example, only USER1 would be added to the iH Security Admins group.
  3. Establish and create any other Historian Security Groups as needed.
    Note: Any user with Windows administrative permissions can add or remove Windows groups and users. As such, an administrator on a Windows computer can add himself to any Historian security group.

    Set up the functional security groups as needed. For this example, Write, Tag, Archive, and Collector security is required, so the groups associated with those functions should be added and defined. There is no need for Audited Writers and all valid users can read data, so neither the iH Audited Writers Group nor the iH Readers Group needs to be added.

  4. Define any individual Tag Level security.

    In addition to defining iH Tag Admins that have the power to create, modify, and remove tags, you can also define individual tag level security to restrict access to sensitive tags. You can grant read, write, or administrative privileges per tag. For more information on setting Tag Level security, refer to the Implementing Tag Level Security section.
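
The group setup from steps 2 and 3, followed by a membership check against the table, as an added example that is not part of the Historian documentation. It assumes local Windows groups and existing local accounts USER1 through USER8, and it skips iH Readers as step 3 describes; the function names are hypothetical.

```powershell
# Assumption: local Windows groups; local accounts USER1..USER8 already exist.
$users2to8 = 'USER2','USER3','USER4','USER5','USER6','USER7','USER8'
$Expected = [ordered]@{
    'iH Security Admins'   = @('USER1')
    'iH UnAudited Writers' = $users2to8
    'iH Tag Admins'        = $users2to8
    'iH Archive Admins'    = $users2to8
    'iH UnAudited Logins'  = @('USER2','USER3','USER5','USER6','USER8')
    'iH Collector Admins'  = @('USER4','USER7')
}

# Hypothetical helper: account names of a group's members, without the COMPUTER\ prefix.
function Get-MemberNames([string]$Group) {
    Get-LocalGroupMember -Group $Group -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Name -replace '^.*\\', '' }
}

# Create any missing group and add any missing member; safe to rerun.
function Set-HistorianGroups {
    [CmdletBinding(SupportsShouldProcess)]
    param([System.Collections.IDictionary]$Map = $Expected)
    foreach ($group in $Map.Keys) {
        if (-not (Get-LocalGroup -Name $group -ErrorAction SilentlyContinue) -and
            $PSCmdlet.ShouldProcess($group, 'Create local group')) {
            New-LocalGroup -Name $group -Description 'Historian security group' | Out-Null
        }
        $current = @(Get-MemberNames $group)
        foreach ($user in $Map[$group]) {
            if ($current -notcontains $user -and $PSCmdlet.ShouldProcess("$user -> $group", 'Add member')) {
                Add-LocalGroupMember -Group $group -Member $user
            }
        }
    }
}

# Report members that differ from the table, e.g. an administrator who added himself.
function Test-HistorianGroupDrift {
    param([System.Collections.IDictionary]$Map = $Expected)
    foreach ($group in $Map.Keys) {
        $actual = @(Get-MemberNames $group)
        $actual | Where-Object { $Map[$group] -notcontains $_ } |
            ForEach-Object { [pscustomobject]@{ Group = $group; User = $_; Status = 'Unexpected member' } }
        $Map[$group] | Where-Object { $actual -notcontains $_ } |
            ForEach-Object { [pscustomobject]@{ Group = $group; User = $_; Status = 'Missing member' } }
    }
}

Set-HistorianGroups -WhatIf                      # preview; rerun without -WhatIf to apply
Test-HistorianGroupDrift | Format-Table -AutoSize
```

Running Test-HistorianGroupDrift on a schedule gives a simple way to notice the case the Note in step 3 describes, where a Windows administrator adds an account to a Historian group outside this procedure.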