Knowledge Base

You can access this configuration by the menu:

Overview

The configuration of the OPC server is in 3 parts. The first is for address space browsing, that is what an OPC client can see when browsing. The second for security, that is what an OPC client can access. The third for logging of user actions.

The OPC Server configuration is a system-wide configuration: in a networking application, this configuration will be applied to each station.

Address space browsing

The configuration in this section is to allow the display of variable properties in the browsing. The variable properties are located in a branch of the same name of the variables and each leaf at this level is a property of the variable.

The variable properties which can be browsed include:

• text and binary attributes they enabled
• domain
• nature
• security level if the variable is writeable
• alarm state if the variable is an alarm
• alarm level if the variable is an alarm
• minimum and maximum values if the variable is a register
• range minimum and range maximum values if the variable if a scaled register
• control minimum and control maximum values if the variable is a writeable register

All these properties are read-only, except the text and binary attributes and the simulated flag that can be writeable if configured as such.

The properties behaviour configuration is also available by the menu:

For each binary and text property and the simulated flag, you can configure if the property is writeable or read-only and, if writeable, the command level.

Security

The application designer has the choice between 3 choices.

• Disable the server – Disables the OPC server. In this mode, no OPC client can connect the OPC server. This option allows the designer to secure its application by only one click, if no OPC connection is needed for this project.
• Use authentication – Allows an OPC client to authenticate as a user. The OPC client uses the IOPCSecurityPrivate interface. This standard interface is described in the OPC Security specification available on the OPC foundation web site. If the client doesn’t logon (or after a logoff), this OPC connexion context is set with the user rights of the DEFPROFILE. After a logon with a well-known user, the OPC connexion context is set with the user rights of the associated profile.The user rights are used to check security when the OPC client initiate write requests.
• Turn-off the security – This last choice is the behaviour of previous versions. Any OPC client can connect and possibly write all the writeable variables regardless of who it is. In this mode, the designer can choose to allow or not browsing and writes.You can choose to disable browsing when the configuration of the OPC clients is done. After that, OPC clients cannot browse the server address space and only anyone knowing the variable structure of the project can access variables. Choosing to disable writes is useful when the SCADA is connected by OPC clients that should be read only. It is an easy way to prevent OPC client to write and perturb the process.

Log user actions

It is possible to log user actions, made via the OPC server, as if they are made by a SCADA user. The user name is set by the OPC client by using the IOPCSecurityPrivate interface. When a user is logged on, the writes are logged as a user action made by this user. You can log user action even when the security is turned off. In this mode, the server accepts IOPCSecurityPrivate calls, but doesn’t check the password. The user name is only kept to log user actions.

If nobody is logged on the write actions are still logged but the User field is set to an empty string.