Ignition OPC UA, user segmentation

OK, so here’s the case:

In our Ignition OPC UA-server we have all the tags for all the PLCs in our factory.

Now we are to start delivering products to a neighbouring plant through a pipeline. This means that this neighbouring plant needs to monitor some tank levels, and control some valves at our plant using their SCADA-system (Wonderware InTouch).

The “perfect” way to solve this (in my mind) would be for them to access our OPC-server (we will establish Ethernet communications / firewalling).

The problem is that we don’t want them to access ALL of our tags, only the tags that they need access to.

Is there any practical way to solve this? Do we need additional software to solve this issue?

Some ways to go:

  1. a second server, with just the tags they need. Just add hardware.

  2. implement roles onto tags. I personally haven’t done this (no need for it here, yet), but it would limit who has access to what. You would, however, have to edit user roles to make sure the people/projects in your plant can still access the tags.

If you can connect to the Ignition OPC UA server with a client besides Ignition (not sure if you can or not; for some reason I don’t think that you can), you can use the Kepware OPC UA client driver to connect to Ignition OPC UA. Then you can import in the tags that you want and let them connect to the Kepware. They would only see the tags that you import in when browsing the Kepware OPC server.

Another option would be to set up a transaction group that has a row for every one of your tags. Then use the Kepware DB to OPC server and make those tags available to them like that.

Our server doesn’t do roles/permissions at the tag level; using either multiple Ignition OPC-UA servers as JordanCClark suggested, or Kepware as diat150 suggested, is probably the way to go.

Now I'm just confused... not that it would have taken long, anyway. What does the permissions dialog do for us?



That's for permissions on SQLTags. The scenario we're talking about here is external UA clients accessing tags in the UA server, which are not SQLTags.

OPC-UA nodes have facilities for specifying which users are allowed to read/write to them, but we don't take advantage of that right now.

Ah! Okay, I feel better now! :smiley:

If I go the route of adding a second server I see two possibilities:

  1. Add the PLC as a device in the 2nd server. I don’t think this will work as this would enable access to all of the device’s tags? (Am I right?) I need to limit access on a tag level, not a device level.

  2. DB-> OPC bidirectional transaction group. The 2nd server will read the SQLtags of the 1st server. I don’t think this will work either as I don’t think an SQL tag can be made available through the OPC-UA server (only the other way round).

Any other solutions for using Ignition OPC-UA?
Anybody know of an “OPC funneler” that works with OPC-UA? (Matrikon / Kepware seem to only support DA for this purpose).

[quote=“pat.stave”]
2) DB-> OPC bidirectional transaction group. The 2nd server will read the SQLtags of the 1st server. I don’t think this will work either as I don’t think an SQL tag can be made available through the OPC-UA server (only the other way round).

Any other solutions for using Ignition OPC-UA?
Anybody know of an “OPC funneler” that works with OPC-UA? (Matrikon / Kepware seem to only support DA for this purpose).[/quote]

Yes, you can use Kepware DB to OPC client to do #2.

The latest version of Kepware has an OPC UA client driver. I haven’t tested trying to connect to Ignition OPC UA, but they have a trial version.

+1 for using diat150’s suggestion, Kepware with the UA client driver.