Chapter 7. Security

$Date:: 2011-11-15 #$

Security in the SCADA system is data oriented: security levels for read and write are applied to runtime or archived data, that is, to individual tags and databases. There are two approaches to implementation. One is a plant-wide Level Security Control and the other is an individual Label Security Control. The security design is flexible, so the two may work separately or combined.

Security Access based on Area Control

By default, a newly created tag has no security control for read or write until a level or label is explicitly specified. It can then be associated with user names for different labels or levels of access.

The lowest security level is zero (0) and the highest possible level is one thousand (1000). The security levels or groups required for a project should be planned ahead. The range can be split by hundred for each level, and each level can be assigned separately for read and write access.

On the other hand, labels can be added freely when a plant needs to be divided into several areas for isolation control. Access is granted only when both the level and the label conditions are met. A user may disable level control by setting the value to zero, or remove label control by leaving the label column blank.

In other words, level control can work by itself, and adding a label on top of it gives additional security control. This means that if a tag is set to level 100 and labeled Area1, then Operator1, who has level 500 and the Area1 label, will be able to access this tag. Every other user without the Area1 label will not be able to access this tag, even with a level of 900.

A user can be given as many labels as the system requires, but be cautious when adding a label to a tag, as that restricts access for operators. Putting a label on a user is like giving them a key; putting a label on a tag or database adds a lock to the associated equipment. The two must match in order to pass the security control.
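The combined level and label check described above can be modeled in a few lines of Python. This is an added example, not code from the SCADA product: the names Tag, User, can_access and uncontrolled, the tag names, and Operator2 are hypothetical, and it assumes one label per tag and that a user level equal to the tag level passes.

```python
from dataclasses import dataclass

MIN_LEVEL, MAX_LEVEL = 0, 1000  # range stated in this chapter

def _check(level):
    if not MIN_LEVEL <= level <= MAX_LEVEL:
        raise ValueError(f"level {level} outside {MIN_LEVEL}..{MAX_LEVEL}")

@dataclass(frozen=True)
class Tag:
    name: str
    read_level: int = 0   # 0 = level control disabled (state of a new tag)
    write_level: int = 0
    label: str = ""       # blank = label control disabled (assumes one label per tag)

    def __post_init__(self):
        _check(self.read_level)
        _check(self.write_level)

@dataclass(frozen=True)
class User:
    name: str
    level: int = 0
    labels: frozenset = frozenset()  # the "keys" this user holds

    def __post_init__(self):
        _check(self.level)

def can_access(user, tag, op):
    """True only when both the level and the label condition are met."""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation: {op}")
    required = tag.read_level if op == "read" else tag.write_level
    level_ok = user.level >= required  # assumption: an equal level passes
    label_ok = not tag.label or tag.label in user.labels
    return level_ok and label_ok

def uncontrolled(tags, op):
    """Names of tags with neither level nor label set for op (open to every user)."""
    return [t.name for t in tags
            if not t.label and (t.read_level if op == "read" else t.write_level) == 0]

# Constructed sample data mirroring the chapter's example.
PUMP = Tag("Pump1.Speed", read_level=100, write_level=100, label="Area1")
NEW_TAG = Tag("Valve7.State")  # left at the defaults
OPERATOR1 = User("Operator1", level=500, labels=frozenset({"Area1"}))
OPERATOR2 = User("Operator2", level=900)  # high level, no Area1 label

if __name__ == "__main__":
    for u in (OPERATOR1, OPERATOR2):
        print(u.name, "write Pump1.Speed:", can_access(u, PUMP, "write"))
    print("uncontrolled for write:", uncontrolled([PUMP, NEW_TAG], "write"))
```

Running uncontrolled over a project's tag list is a quick way to find tags still in the default state, where any user can write.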

User login popup.