OPC Security Settings

The OPC items exposed to third-party OPC clients are determined by the access rights settings of an OPC user and its OPC user groups.

You must first define an OPC user software account (see Create a Software Account User for OPC).

OPC User Software Account

 

Then you must create an OPC group to which the OPC user software account belongs (see Create a User Group for OPC).

 

User Group for OPC

 

Finally, you must specify the scope rights of the OPC group (see Link Scopes to the OPC User Group).

 

An OPC group can contain many OPC scopes.

 

Scope Rights for OPC

 

NOTICE
Scopes for OPC

When you configure the settings in the Scope Rights expander, link only the scopes available in the Scopes folder in System Browser. If you try to add a new scope in the Scope Rights expander by clicking the Add button, the result is an invalid configuration (Scope = [name of the system]), and any third-party OPC client will display an error message when trying to start the connection with the Desigo CC OPC DA server.

 

NOTICE
Read and Write Access for OPC Items

Once the Desigo CC OPC DA server starts, all the information related to the OPC items is read from the database and exposed to the connected third-party OPC clients. Reading OPC items consists of retrieving standard and custom properties for all the system objects that are present in Management View and Application View and that belong to the scopes associated with the OPC user group.
Commanding an OPC item consists of the following write operation: executing a Desigo CC command on a property representing a specific OPC item.

 

How to Allow Commanding OPC Items

In the Security tab, the Scope Rights expander lets you define write access on points; this depends strictly on the libraries. To allow commanding an OPC item, do the following:

  1. Configure the property as readable/writeable: in the Scope Rights expander, locate the Property Group settings and specify W.
  2. Configure the write operation for the property in the object model: in the Command Configuration expander, locate the Name column and enter exactly the text Write.

 

NOTICE
About Write Access Configuration

- If the OPC library configuration does not provide write access (that is, a command with Name = Write), the write operation will fail even though the Command groups settings are configured in Security, and the third-party OPC clients will display an error code (see Standard OPC Error Codes).
- For each property, the name of each command must be unique. This means that the Write text can be specified for one command only. In case of special configurations, see the workaround described here: Unable to Write all the Values Through OPC DA Server.
- If you do not enter the exact text into the Name column (Write with a capital letter followed by lowercase letters), the command will not be executed on the corresponding OPC item.
- The write operation never writes a value directly into an OPC item. Instead, if a property is associated with a command named Write that respects the constraints described above, the command will be executed.
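
The rules above can be checked offline when reviewing which items an OPC user group can actually command. The following audit script is an added example, not Desigo CC code: the data layout is constructed for illustration and is not a Desigo CC export format, and all scope, property and group names are hypothetical.

```python
# Added example. The dict layout below is constructed for illustration and is
# not a Desigo CC export format; all names and values are hypothetical.
SCOPES_FOLDER = {"Scope_HVAC", "Scope_Lighting"}  # scopes present in System Browser

GROUP_SCOPE_RIGHTS = {  # scope -> {property group -> access}
    "Scope_HVAC": {"Status": "R", "Setpoints": "W"},
    "System1": {"Status": "R"},  # system name used as scope: invalid per the NOTICE
}

PROPERTIES = [  # (property, scope, property group, command names in the object model)
    ("Room1.Setpoint", "Scope_HVAC", "Setpoints", ["Write"]),
    ("Room1.FanSpeed", "Scope_HVAC", "Setpoints", ["write", "Reset"]),
    ("Room1.Mode", "Scope_HVAC", "Setpoints", []),
    ("Room1.Alarm", "Scope_HVAC", "Status", ["Write"]),
]


def audit(scope_rights, properties, scopes_folder):
    """Return (commandable properties, findings) for one OPC user group."""
    findings = [f"scope '{s}': not in Scopes folder, invalid configuration"
                for s in scope_rights if s not in scopes_folder]
    commandable = []
    for name, scope, group, commands in properties:
        if scope not in scopes_folder or scope not in scope_rights:
            continue  # not exposed through a valid linked scope
        has_w = scope_rights[scope].get(group) == "W"
        n_write = commands.count("Write")  # exact, case-sensitive match
        near = [c for c in commands if c != "Write" and c.strip().lower() == "write"]
        if n_write > 1:
            findings.append(f"{name}: command name 'Write' is not unique")
        elif has_w and n_write == 1:
            commandable.append(name)
        elif has_w and near:
            findings.append(f"{name}: command named {near[0]!r}, must be exactly 'Write'")
        elif has_w:
            findings.append(f"{name}: W granted but no 'Write' command, writes will fail")
        elif n_write == 1:
            findings.append(f"{name}: 'Write' command exists but property group lacks W")
    return commandable, findings


if __name__ == "__main__":
    writable, issues = audit(GROUP_SCOPE_RIGHTS, PROPERTIES, SCOPES_FOLDER)
    print("Commandable via OPC:", writable)
    for issue in issues:
        print("FINDING:", issue)
```

The list of commandable properties is the effective write surface of the OPC user group; each finding corresponds to one of the misconfigurations described in the notices above.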