19.11. Security

This option in the Properties Window sets up security for the OPC DataHub. For more information on DataHub security, please refer to Chapter 16, Security.


Groups provide a common security configuration for any number of users. To add or edit a group, press the Add or Edit and enter the necessary information in the Permission Editor.


There are two kinds of users--normal and special. Normal users correspond to individuals with a name and a password. Special users provide a way to offer different security models for different protocols. For more information on types of users, please refer to Section 16.2, “User Authentication”.

To add or edit a user, press the Add or Edit button and enter the necessary information in the Permission Editor.

Permission Editor

The Permission Editor allows you to change the permissions for any user or group.


Check or uncheck the boxes to assign permissions.


This user is allowed to maintain a connection to the OPC DataHub. When a connection is made, the client has a 5-second grace period in which to authenticate before the client is disconnected. If the client does not have Connect permissions after the grace period expires, it will be disconnected.

Read and register points

This user is allowed to read point values and subscribe to point value changes.

Change point values

This user is allowed to write a new point value to the OPC DataHub.

Force value changes

If the user has Change point values permission, he may also have this permission. In this case, the user will able to send the force and cforce commands to the DataHub, which will override the read-only status and timestamp check for a point, thereby forcing a write to succeed where it would otherwise fail.

Create new points

This user is allowed to create new points in existing data domains in the OPC DataHub.

Delete an existing point

This user is allowed to delete a point from the OPC DataHub.


Normally, no client should be allowed to delete points from the OPC DataHub. Deleting points can be very disruptive for existing clients. Use this permission with caution.

Create a new data domain

This user is allowed to create new data domains. Normally you should also set Create new points permission when you set this permission for a user.

Load a configuration file

This user is allowed to tell the OPC DataHub to load a specific configuration file.

Create and edit users and groups

This user is allowed to create and edit users and groups non-interactively.

Change the program configuration

This user is allowed to transmit commands to the OPC DataHub to alter the DataHub's configuration. This normally includes actions like enabling and disabling particular interfaces and functions within the dho.

Change auto domain creation

This user may change the flag indicating whether the OPC DataHub should automatically create a data domain when a user requests a point in a non-existent data domain.

Shut down the program

This user may transmit an exit command to the OPC DataHub, causing it to shut down.


Here you can specify maximum numbers for logins, and login expiry dates.

Allow a maximum of N concurrent logins

If this option is selected the user will be limited to N concurrent connections, regardless of the connection type. For example, if N is 2, the user would be allowed to make 2 TCP connections, or one TCP and one DDE connection. This option also applies to anonymous users.

Allow a maximum of N logins

This user is allowed to connect to the OPC DataHub at most N times, ever. Once the user has connected to the DataHub this many times, future attempts to log in will be refused. The DataHub remembers the login count for each user even after it has been restarted.

Expire on YYYY/MM/DD

If this option is selected, the user will be allowed to log in to the OPC DataHub up to, but not including, the date selected.