I am looking to limit a service account's permissions to a Process Cell in a specific area. Is this possible, or am I limited to Areas only?
Here is some background: At a site that I maintain, we have a few systems on the corporate network reaching through via OPC to DeltaV:
Each system has its own service account, but it must have at least control permissions to read data and write commands. The concern is that someone who is logged into either system could pull up an OPC browser, connect to DeltaV via OPC, and issue rogue commands.
My initial plan to prevent this scenario was to move the data landing zones for each of these systems into their own separate areas and limit the service accounts' permissions to that area only. The downside to this plan is that it seems as though I would need to create an area for each system/service account to provide the minimum access possible. Maybe it is just me, but I don't really want to create a bunch of areas just to support this. I would like to create a single area and segregate with P-Cells (for neatness really).
Is this possible? Is there another way to solve the problem?
Thank you,
Andre Dicaire