Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ Gateways

Security Guidelines

  • Last UpdatedMay 06, 2026
  • 2 minute read

Because the gateway produces data into file system or network folders specified by the user for loading into AVEVA™ Asset Information Management or AVEVA Ingestion Service, it needs to read, write and modify both files and folders.

The following are the security recommendations for users using the gateway :

  • Use the principle of least privilege

    • For AVEVA™ Asset Information Management: Grant only Read access to the user account that is used to run the gateway for all file and folder locations. Change the access to Read/Write only to the specific files and folders the gateway needs to modify. For example, you can grant Read/Write access to the Staging Area and Logs folders.

    • For AVEVA Ingestion Service: Grant Read/Write access to target folder (Asset Id) for the specific AVEVA Connect account user.

  • You do not need to adjust your Firewall settings or User Account Control settings when you install or use the Gateway.

  • The gateway uses the host product's project defaults location (%APSDFLTS%\IEDGateway) for storing various configurations and settings. Only project administrators must have Write access to this folder. Other users must be given Read-only access.

    Note: If the above security recommendations are not suitable for your environment, you must investigate what is the most suitable approach for your environment and apply those practices.

Configuration Protection

Gateway administrators can protect gateway configurations by enabling the Protect configurations setting. This feature encrypts gateway configurations stored in the project defaults location to prevent unauthorised access or modification.

Note: The Protect configurations setting is only available when using AVEVA Unified Engineering 4.1 or later.

To enable configuration protection:

  1. On the Gateway Setup window, click Settings. The Settings dialog box is displayed.

  2. On the Other tab, Select the Protect configurations check box.

When configuration protection is enabled:

  • All new gateway configurations are encrypted when saved.

  • Any existing unencrypted configurations are encrypted when they are next saved by a configuration administrator.

    Note: By default, configuration protection is enabled.

Export Configurations

When a configuration is exported, it is always exported in unencrypted form regardless of the protection setting. This ensures that configurations can be imported into a different project.

Related Links
TitleResults for “How to create a CRG?”Also Available in