control access to historical data

Jun 19, 2014 at 4:55 PM
Hello all.

Is there a way to control the access to the openPDC historical data? For example, if I have an external application that accesses historical data using the web service, is there a way to control who (users or client hosts) can access the web service?

Thanks.
Coordinator
Jun 19, 2014 at 6:08 PM
Edited Jun 23, 2014 at 5:16 PM
Below are a few easy steps to turn on security for the historian time-series data services. This uses the same role-based security as defined in the openPDC, i.e., you will control access to the web service using the openPDC Manager security configuration.

In the example configuration steps defined below, as long as a user and/or group has a "role" defined in the openPDC security system (i.e., a Windows user and/or group has a defined role of Administrator, Editor or Viewer) then they can access the read portion of the web service. Only Administrator and Editor roles will have write access.

You can modify the IncludedResources value to further control security if needed, e.g., allow different access control to statistics and data historians. For example, setting the IncludedResources value to "*:6152/historian/timeseriesdata/read/*=*; *:6152/historian/timeseriesdata/write/*=Administrator,Editor;" would only turn on security for the data historian but not the statistics historian.

If you want any user or group that has a role defined in the openPDC to have read or write access in any of the historian web services, the value to insert into IncludedResources can be very simple: "*/historian/*=*".

Configuration steps:
  1. Stop openPDC service
  2. Edit openPDC.exe.config file (have to run editor with admin access) and make following changes:
    1. configuration\categorizedSettings\securityProvider\add name="IncludedResources" - insert the following text into the value "*/historian/timeseriesdata/read/*=*; */historian/timeseriesdata/write/*=Administrator,Editor; "
    2. configuration\categorizedSettings\ppaTimeSeriesDataService\add name="SecurityPolicy" - set value to "GSF.ServiceModel.SecurityPolicy, GSF.ServiceModel"
  3. Save openPDC.exe.config
  4. Restart openPDC service
XML updates should look similar to the following:
<configuration>
  <categorizedSettings>
    <securityProvider>
      <add name="IncludedResources" value="*/historian/timeseriesdata/read/*=*; */historian/timeseriesdata/write/*=Administrator,Editor;  UpdateSettings,UpdateConfigFile=Special; Settings,Schedules,Help,Status,Version,Time,Health,List,Invoke,ListCommands,ListReports,GetReport=*; Processes,Start,ReloadCryptoCache,ReloadSettings,Reschedule,Unschedule,SaveSchedules,LoadSchedules,ResetHealthMonitor,Connect,Disconnect,Initialize,ReloadConfig,Authenticate,RefreshRoutes,TemporalSupport,LogEvent,GenerateReport,ReportingConfig=Administrator,Editor; *=Administrator"
        description="Semicolon delimited list of resources to be secured along with role names."
        encrypted="false" />
    </securityProvider>
    <ppaTimeSeriesDataService>
      <add name="SecurityPolicy" value="GSF.ServiceModel.SecurityPolicy, GSF.ServiceModel"
        description="Assembly qualified name of the authorization policy to be used for securing the web service."
        encrypted="false" />
    </ppaTimeSeriesDataService>
  </categorizedSettings>
</configuration>
Marked as answer by ritchiecarroll on 6/19/2014 at 11:25 AM
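A way to check the edited file after the steps in the answer above, as an added example that is not part of the original post or the openPDC project: it parses the config, confirms both settings are present, and lists historian rules that any role can use beyond read. The function names are hypothetical and the sample config is constructed from the XML in the answer.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two settings from the answer, trimmed to the historian rules.
SAMPLE_CONFIG = """<configuration>
  <categorizedSettings>
    <securityProvider>
      <add name="IncludedResources" value="*/historian/timeseriesdata/read/*=*; */historian/timeseriesdata/write/*=Administrator,Editor; *=Administrator" />
    </securityProvider>
    <ppaTimeSeriesDataService>
      <add name="SecurityPolicy" value="GSF.ServiceModel.SecurityPolicy, GSF.ServiceModel" />
    </ppaTimeSeriesDataService>
  </categorizedSettings>
</configuration>"""

def get_setting(root, category, name):
    """Return the value of <add name=...> under categorizedSettings/<category>, or None."""
    for node in root.findall(f"./categorizedSettings/{category}/add"):
        if node.get("name") == name:
            return node.get("value")
    return None

def parse_included_resources(value):
    """Split 'resource=roles; resource=roles' into ordered (resource, [roles]) pairs."""
    rules = []
    for entry in (value or "").split(";"):
        # Roles never contain '=', so split on the last one in the entry.
        resource, sep, roles = entry.strip().rpartition("=")
        if sep and resource.strip():
            rules.append((resource.strip(), [r.strip() for r in roles.split(",") if r.strip()]))
    return rules

def audit(config_xml, service="ppaTimeSeriesDataService"):
    """Return a list of findings; an empty list means both settings are in place."""
    root = ET.fromstring(config_xml)
    findings = []
    policy = get_setting(root, service, "SecurityPolicy")
    if not policy or not policy.strip():
        findings.append(f"{service}: SecurityPolicy is not set")
    rules = parse_included_resources(get_setting(root, "securityProvider", "IncludedResources"))
    historian = [(res, roles) for res, roles in rules if "/historian/" in res]
    if not historian:
        findings.append("IncludedResources has no historian entry")
    for res, roles in historian:
        if "*" in roles and "/read/" not in res:
            findings.append(f"{res}: any role may access (not limited to read)")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "historian web service security settings present")
```

To check a real installation, pass the text of openPDC.exe.config to `audit` in place of the sample.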
Jun 24, 2014 at 10:40 PM
It's working great.

Thanks.