RJKSolutions

Time based security

Discussion created by RJKSolutions on Mar 25, 2013
Latest reply on Jul 29, 2013 by RJKSolutions

Wanted to float an unusual requirement that came my way recently, something that can be programatically met but not something that can be done with the PI Server out of the box.

 

We all apply security to data at the tag level, Identity A can see tags ... Identity B can see tags... However, I now want to apply another dimension of security that overrides the default Data Security with time based security.  In other words, I have a piece of equipment sending data to a set of PI tags.  I have security applied to those PI tags.  I may want to execute experimental or confidential runs of that equipment for which only a subset of users have access to the data for the time period of the run, after which the "normal" security is applicable again.  This is not just a real-time requirement but should be applicable for the life time of the data, if in 1 years time sometime is doing a historical 1 year average and they don't have access to that time period it is excluded from the result.  Data retrieval would just include a similar digital state to "Archive Gap" when there are gaps in the archives.

 

It would fit nicely to lay Event Frames on top of the data for the time periods where varying levels of confidentiality are applicable.  However, that would only work if all access to the data took that in to account. 
Or...
We could use a new set of tags for the confidential periods.

 

Other ways to achieve this but none tackle the problem at the PI Server level.

 

Does this type of requirement come up with anyone else? 

 

Jay, can you fit that in for PI Server 2013?

Outcomes