16.4. How To Configure a Common Scenario

The most common OPC DataHub security configuration is simply to allow only authorized users to connect via TCP or via a tunnel/mirror, and to allow any user to connect via DDE. To do this, follow these steps:

  1. With the DataHub running, right-click on the OPC DataHub system-tray icon and choose Properties.
  2. In the Properties window, select Security.
  3. From the Users list, select the anonymous user.
  4. Press the Edit button to open the Permission Editor.
  5. Uncheck all the boxes in the Permissions section to remove all permissions from the anonymous user.
  6. In a similar way, open and edit the permissions for the DDE protocol users, checking only these permissions:
    Connect
    Read and register points
    Change point values
    Create new points
    Create a new data domain
  7. If the Mirror and TCP protocol users are not labeled (anonymous) in the Group Membership column of the Users list, open the Permission Editor for each in turn and press the Reset to Anonymous button. Then press the Apply button at the bottom of the Scripting options.
  8. Add a user group called, for example, users, with the same permissions as you set for the DDE protocol users (above).
  9. Add new user names and make them members of the group users.

The result of these steps will be:

    Because the anonymous user has no permissions, a connecting program cannot read or write data until it has authenticated, or until it is promoted to a protocol user.

    If the client is connecting via DDE, it can interact with the data as a user of that protocol.

    The Mirror and TCP connections are given the same permissions as anonymous, blocking all activity by anonymous users on those interfaces.

    TCP or mirror/tunnel connections that authenticate with a valid user name and password will be given the necessary permissions to interact with the OPC DataHub's data.