About AVEVA Historian data security
- Last UpdatedMar 07, 2025
- 2 minute read
AVEVA Historian provides two ways to authorize access:
-
Integrated security. IDAS computers in the same domain as the historian can be configured with integrated security. Using this model, all users and computers that access historian data are assigned membership to one of the following user groups:
-
Administrators (aaAdministrators)
-
Power Users (aaPowerUsers)
-
Replication Users (aaReplicationUsers)
-
Users (aaUsers)
-
-
Workgroup security. IDAS computers outside of the historian's domain can use username and password as security. This username and password must match a local user on the server node, and must be provided in the format <server node hostname>/<user name>.
When the IDAS is configured with this type of security, an authentication token and is defined and forwarded to the remote IDAS computer. Each time the remote computer accesses the historian, it will use the token and the historian will use it to authenticate the remote computer before allowing access.
Data can be passed from any computer that's a member of the historian's Power User or Administrator group. (Computers must be on the same domain as the historian.)
When data is ready to be sent from a remote computer, the AVEVA Historian pushes configuration information, including ACLs (access control lists) that define access permissions, to HCAP on the client computer. HCAP launches IDAS on the remote computer and data is sent through HCAL to the historian.
