About security

For clients to access the Historian, they must pass through both of these security levels.

The Historian Management Console (within the Operations Control Management Console) adds an additional layer of authorization to restrict access to functions affecting the state of the Historian to only authorized users. For example, you can grant a Windows user account access to start and stop Historian services by assigning it the Historian Power Users role, or by adding it to the aaPowerUsers Windows user group. For more information, see Add users and assign roles.

Note: Some Historian components require Windows and SQL Server logins.

For more information on configuring user rights assignments for local security policies, see the Microsoft documentation.

Security for AVEVA Historian is managed using the following tools:

• Microsoft SQL Server Management Studio.
  Use this application to manage access to the SQL Server and databases.

• Windows Local Users & Groups MMC snap-in.
  Use this to manage permissions on the Historian and for the OData/REST web service interface. You can also use it as an alternative to configuring permissions within the database when using Windows authentication.

  For more information, see Manage logins.

• ArchestrA Change Network Account utility.
  Use this utility to modify the Windows login for the Historian services on remote servers. For example, if you are configuring an AppEngine to send data to a remote Historian, this utility is used to choose the Windows user account with which to connect to the server.