TN InSightXXX Creating a Multi-Site Secured Solution in Wonderware's InSight
Description
This article from InSource shows how to manage multiple sites or tenants in a single Wonderware Historian On-Line Solution. This allows securing data based on characteristics like plant location or customer for system integrators or OEM's who have their solution running in multiple client locations and want to ensure that each site can only view their data. Specific data can be secured based on login ID.
- Author: Chris Selph
- Published: 4/1/2017
- Applies to: Wonderware On-Line InSight
Details
Noting the general architecture and potential data sources in Diagram 1, each site can/will be pushing data from a variety of on-premise data sources.
Diagram 1
For demonstration let's say we have 3 sites or "roles" in the organization as seen in Diagram 2 below. There is Headquarters (HQ) and 2 plant sites, a Solutions plant and an Extrusion plant. Your goal is to have users with enterprise oversight at "HQ" that has access to all data and each plant site can only see its own data.
Diagram 2
Before Beginning: This article assumes that each plant site has been configured to push tag data into the Historian On-Line. If not check out videos in this playlist to get started. https://www.youtube.com/watch?v=aK6UEAfV9CI&list=PLfkiNwzsfU3IRxx5GFxrI2z7Udzssdjl_
Note also this will require an Office 365 subscription
Now let's segregate the existing tags into 2 primary secured groups.
Steps
Export existing tags to Excel:
Login to your Wonderware On-Line solution as an administrator
Click the On-Line Suite icon and then the Administration Link
Click on Tag Dictionary and "Let's Go" Link
Login to Office 365
Using the exported excel file, assign the desired architecture structure according to your needs. The example below will result in tag associated with HQ, HQ/Solution and HQ/Extrusion via the Location dimension. You can create more levels if you like, just know it will get more complicated to manage. Later you will assign HQ/Solution to people at the Solutions plant and HQ/Extrusion to people at the Extrusion plant. Oversight will be assigned to HQ for people at Headquarters and they will be able to see all tags.
When complete, click Save to save changes back to the cloud solution.
Now, assign your plant site users to the structures you created to ensure they can only see those tags in In-Sight.
In Administration, Click Users
Add new users and assign the correct view security structure you just created.
Note the "Selph Personal" you see represents the name of the initial Wonderware On-Line solution created when first registering.
When these users login to this solution, they will now only be able to see tags assigned to them.