Restrict Tag Access
Access to tag data and the ability to see what tags are available can be restricted by user authentication or prevent unauthorized access. The Security features can be used to designate tag groups or individual tags per organization, customer, or designation on how you determine to allocate users in OAS.
Before proceeding first follow the steps in the Getting Started – Security guide to create an Admin user.
When adding tags to OAS organizing the tags in groups by area or organization will make the security restriction easy to designate tags that start with a character string.
In the following steps we will use the example tag configuration demonstrate access to tags organized by company and customer.
To restrict access to read, write, and browse tags use the Security group tab Tags, Read Tags, and Write Tags of the Default security group and allow access to the designated security group defined to each user.
Read Tags
Use Configure-Security to list all currently defined Security Groups.
Select the Default security group and uncheck Enable All Features.
Under the Read Tags tab check Disable All Tags From Reading.
Note: This will prevent all applications including remote OAS Engines to receive live values from this OAS Engine.
You can optionally enable specific tags or tags start with a matching string for read access without authentication required.
Select Apply Changes to update the Default security group.
Next create security groups for customers, companies, administrators full access privileges.
The first example create a security group for Customer 1 of Company 1.
Change the Group Name property of the security group, the group name can be anything you like, we will use Company 1-Customer 1 in this example.
In the Read Tags tab leave Disable All Tags From Reading unchecked.
Select ADD in the list to Enable Reading Tags that Start With to browse for a tag within the Company 1.Customer 1 group and remove the tag portion of the string and select OK.
This security group will allow read access to tags that start with Company 1.Customer 1.
Note: If you wanted to provide company wide access to all customers set the string that starts with to Company 1. If you want to provide read access to all tags in the configuration uncheck Disable All Tags From Reading.
You can also designate tags by complete name with the list Tags To Enable Reading. This is a way to include specific tags within a tag group, but not all tags in the group.
Select Add Group.
From the top menu select Configure-Users to define one or more users to the Company 1-Customer 1 group.
Enter a User Name and Password for the user that will have access to read tag from Company 1.Customer 1 tag group.
Use the Security Group pull down to select the security group you have defined for the Company 1.Customer 1 group.
Select Add User.
Repeat the above steps for each customer in each company.
Note: To define multiple security groups and users you can use CSV Export / Import.
Write Tags
To restrict write access to tags per user use the same steps above as listed for Read Tags and use the Write Tags tab of the security groups.
In the Default security group check Disable All Tags From Writing.
In each additional security group select ADD in the list to Enable Writing Tags that Start With to browse for a tag within the Company 1.Customer 1 group and remove the tag portion of the string and select OK.
This security group will allow write access to tags that start with Company 1.Customer 1.
Note: If you wanted to provide company wide access to all customers set the string that starts with to Company 1. If you want to provide write access to all tags in the configuration uncheck Disable All Tags From Writing.
You can also designate tags by complete name with the list Tags To Enable Writing. This is a way to include specific tags within a tag group, but not all tags in the group.
Browse Tags
To restrict browse access to tags use the same steps above as listed for Read Tags and use the property Disable All Tags from Browsing in the Tags tab of the security groups.
Check Disable All Tags From Browsing in the Default security group in the Tags tab and select Apply Changes.
Select Apply Changes to update the Default security group.
In each additional security group select ADD in the list to Enable Browsing Tags that Start With to browse for a tag within the Company 1.Customer 1 group and remove the tag portion of the string and select OK.
This security group will allow browse access to tags that start with Company 1.Customer 1.
Note: If you wanted to provide company wide access to all customers set the string that starts with to Company 1. If you want to provide browse access to all tags in the configuration uncheck Disable All Tags From Browsing.
View how to Implement User Credentials in Client Applications to provide log in method for each user.