Implementing Data Store-level Security

About this task

In addition to defining the iH Tag Admins, who have the power to create, modify, and remove tags, and individual tag-level security, you can also define individual data store-level security to protect sensitive tags.
Note: The security settings defined at the tag level, if any, take precedence over those at the data store level.

You need the Historian Security Groups to implement data store-level security. You can use a Windows pre-defined group (power users, for example) or create your own separate group specifically for this function. For more information on creating and adding groups, refer to Setting Up Historian Security Groups.

Users must have iH Security Admins rights to set individual data store-level security.

Procedure

  1. Access Configuration Hub.
  2. In the NAVIGATION section, under the Configuration Hub plugin for Historian, select Data Stores.
    A list of all the data stores appears.
  3. Select the row containing the data store whose security you want to define.
    The data store details appear in the DETAILS section.
  4. In the SECURITY section, enter values as described in the following table.
    | Field | Description |
    | --- | --- |
    | Read Group | The Windows security group that can retrieve the tag data and plot it in a trend chart for the selected data store. For example, if you select a group with power users, in addition to members of the iH Security Admins group, only a member of the power users group will be able to read data of the tags for that data store. Even a member of the iH Readers group will not be able to access data of the tags for the selected data store, unless they are also defined as a member of the power users group. |
    | Write Group | The Windows security group that can write tag data for the selected data store (for example, using the Excel Add-in for Historian). |
    | Administer Group | The Windows security group that can create, modify, and delete the tags for the selected data store. |

    Note: For group security, the security settings applied at the tag level, if any, take precedence over those at the data store level.
    Note:
    • If you are using domain groups (instead of local groups), the Read Group, Write Group, and Administer Group fields contain only the groups whose names begin with iH<space> (case-sensitive). Therefore, ensure that the group that you want to use begins with iH<space>. For more information on the security groups, refer to Historian security groups.
    • If you are using Proficy Authentication, any custom groups that you created must be defined in Proficy Authentication and added to the groups whose names begin with ih_<group_name>. For more information on the Proficy Authentication groups, refer to About Proficy Authentication Groups.

    For more information on System Global security settings, refer to access system.
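
The following added example (not Historian code, and not part of the original documentation) models the read-access rules described above so you can reason about who loses access before assigning a Read Group. The user names, the `iH Lab` group, the fallback to iH Readers when no group is set, and the assumption that iH Security Admins also pass a tag-level Read Group are illustrative assumptions.

```python
# Added illustration: a model of the rules on this page, not Historian's implementation.
ADMINS = "iH Security Admins"   # always allowed, per the Read Group description
READERS = "iH Readers"          # global read group named on this page


def selectable_domain_group(name):
    """Domain groups appear in the Read/Write/Administer fields only if the
    name begins with 'iH ' (case-sensitive, trailing space included)."""
    return name.startswith("iH ")


def effective_read_group(tag_read_group, store_read_group):
    """A tag-level setting, if any, takes precedence over the data store level."""
    if tag_read_group:
        return tag_read_group
    if store_read_group:
        return store_read_group
    return READERS  # assumption: with nothing set, the global group applies


def can_read(user_groups, tag_read_group=None, store_read_group=None):
    groups = set(user_groups)
    if ADMINS in groups:  # assumption: admins also pass tag-level groups
        return True
    return effective_read_group(tag_read_group, store_read_group) in groups


# Constructed sample users and memberships (hypothetical).
USERS = {
    "alice": ["iH Security Admins"],
    "bob": ["iH Readers"],
    "carol": ["iH Readers", "Power Users"],
}


def audit(store_read_group, tag_read_group=None):
    """Map each sample user to whether they can read a tag in the data store."""
    return {u: can_read(g, tag_read_group, store_read_group)
            for u, g in USERS.items()}


if __name__ == "__main__":
    for name in ["iH Plant Operators", "IH Plant Operators", "iH_PlantOperators"]:
        print(f"{name!r} selectable as domain group: {selectable_domain_group(name)}")
    print("store=Power Users:", audit("Power Users"))
    print("store=Power Users, tag=iH Lab:", audit("Power Users", "iH Lab"))
```

With the data store Read Group set to `Power Users`, `bob` is denied despite being in iH Readers, which is the behavior the Read Group description warns about.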