Security Guidelines

The security recommendations for the administrator of AVEVA™ Gateway Data Publisher are as follows:

• Use the principle of least privilege

  • For the users of AVEVA™ Gateway Data Publisher: Grant Read/Write access to the folders (staging areas) that you have configured for watching by the AVEVA™ Gateway Data Publisher instances. Grant Read/Write access fo the AVEVA™ Gateway Data Publisher logs folder.

  • For the users of AVEVA Gateways: Change the access to Read/Write only to the specific files and folders the gateway needs to modify. For example, you can grant Read/Write access to the Staging Area folders. Grant ReadOnly access to the AVEVA™ Gateway Data Publisher logs folder.

  • For AVEVA™ Ingestion Service: Grant Read/Write access to target folder (Asset Id) for the specific CONNECT account user.

• Please ensure that the system does not have any specific rules implemented for blocking AVEVA™ Gateway Data Publisher from connecting to AVEVA™ Ingestion Service.

  Note: If the above security recommendations are not suitable for your environment, you must investigate what is the most suitable approach for your environment and apply those practices.

When you run AVEVA™ Gateway Data Publisher as a Windows service for the first time, the service is started using the Local Service account. For enhanced security, it is recommended to switch to a dedicated service account that has required access privileges. To do this, open the Services window, and edit the Log On properties of the service.