Views
Create a Virtual View
You can create multiple views of the data currently in your Canary Historian archive. This allows you to provide contextualized and relevant data to both users and other software that needs access to historical or real time data.
To practice RegEx you may want to use some online resources... https://regexr.com/ is a great place to start
RegEx Cheatsheet
^ beginning of string
$ end of string
. any character
+ match one or more of the preceding
? makes preceding quantifier lazy matching as few characters as possible
\d matches any digit (\ functions as an escape character)
\w matches any word or alpha character
( ) creates capture group(s)
$ recalls capture group(s)
Alias Hays DataSet Tags
- Launch Canary Admin application
- Select Views tile
- From 'VIEWS' window, select 'down arrow' icon and 'CREATE NEW VIEW'
- Set View Name = Roadshow - Hays' Tags Aliasing
- Select Source Views as the local historian DataSet Hays
- Set Properties = Description
- Click 'OK'
If successful you should see a list of tags from the Hays DataSet with descriptions postpended.
- Download the text file 'Roadshow - Hays' Tag Aliasing Rules.txt' attached to this article
- While still editing your new view, select the 'PROPERTIES' button to the right
- Select 'IMPORT RULES' and upload the file 'Roadshow - Hays' Tag Aliasing Rules.txt'
- Collapse the Properties menu by clicking on the 'right arrow' icon
- All RegEx rules should now be loaded
- Click 'APPLY'
Combine Multiple DataSets and Build Assets
- Launch Canary Admin application
- If you do not currently have a DataSet named Calcs create one
- Select Views tile
- From 'VIEWS' window, select 'down arrow' icon and 'CREATE NEW VIEW'
- Set View Name = Roadshow - Water District (make sure you name it exactly as is typed)
- Select Source Views as the local historian DataSets Comal, Travis, Guadalupe, and Calcs by adding one at a time and then using 'ADD SOURCE' to add the remaining DataSets
- Add additional source, this time using the Roadshow - Hays' Tag Aliasing view
- No properties will be used
- Click 'OK'
If successful you should see a list of tags from all DataSets except Calcs and the Roadshow - Hays' Tag Aliasing view.
- Download the text file 'Roadshow - Water District Rules.txt' attached to this article
- While still editing your new view, select the 'PROPERTIES' button to the right
- Select 'IMPORT RULES' and upload the file 'Roadshow - Water District Rules.txt'
- Collapse the Properties menu by clicking on the 'right arrow' icon
- All RegEx rules should now be loaded
- Click 'APPLY'
Enabling Views Security
Before security can be applied, you should verify necessary endpoints are properly configured.
- Launch the Canary Admin application and click on the Views panel.
- Select the 'Configuration' option from the bottom menu.
- 'Endpoints' will be automatically displayed.
- Ensure 'Https - Username (Web API)' is checked.
- Choose whether you also want to allow Anonymous Web API access by either selecting or deselecting 'Http - Anonymous (Web API)'
- Click 'APPLY' to finalize View configuration changes.
For the majority of use cases, 'Net.TCP' will be selected for 'Windows', 'Username', and 'Secure' but not for 'Anonymous'. Both 'SOAP' options need not be selected.
Available Endpoints
Net.Pipe - Windows (Local Only) - Used when the connection is from a client on the local machine. Windows Authentication uses logon information of the current user.
Net.Pipe - Anonymous (Local Only) - Allows any local user access without credentials.
Net.TCP - Windows - Uses the windows credentials of the client user to make a secure connection through the default port (55234).
Net.TCP - Username - Uses username/password credentials entered by the client to make a secure connection through the default port (55234).
Net.TCP - Secure - Uses the Mirror credentials from the destination computer to make a secure connection through the default port (55234).
Net.TCP - Anonymous - Allows any remote user access without credentials through the default port (55231).
Https - Username - Uses username/password credentials entered by a web client to make a secure connection through the default port (55232).
Http - Anonymous - Allows any remote web user access without credentials through the default port (55230).
Managing User Access to Views
Once endpoints are configured, you must specify specific users or groups to either allow or deny access to. Canary supports both Microsoft Active Directory and Windows Local users and user groups. The Views Access menu features four windows. The top two windows primarily focus on Axiom, Excel Add-in, and Views API access. The bottom two windows are used primarily for managing Canary Mirror connections and other specialty Canary applications that use the Net.TCP Secure endpoint.
- ALLOW - Specific groups or individual users that have been given access to Views. Use the 'ADD' or 'REMOVE' feature to configure this list.
- DENY - Specific groups or individual users that have been restricted from accessing Views. Use the 'ADD' or 'REMOVE' feature to configure this list.
- ALLOW (Secure Endpoint) - Displays the credentials of clients granted access to connect to Views through the 'Net.TCP Username' or 'Net.TCP Secure' endpoint. Use 'DENY' to specifically restrict access to a set of credentials.
- DENY (Secure Endpoint) - When a secure client connection is received it automatically is listed within this panel. A system administrator must allow the client access or choose to remove it. Use 'ALLOW' to provide the selected credentials access. Use 'REMOVE' to clear a set of credentials from the list requesting secure access. Use 'REFRESH' to update the list of clients requesting access, the panel does not automatically refresh.
Granting User Access to Views
- From within the Views panel of the Canary Admin application select 'Configuration' and then 'Access'.
- Click 'ADD...' from the 'ALLOW' window to launch the Microsoft Object Picker user interface.
- You may now select either a individual user or group of users that has been established with Microsoft Active Directory or a Windows Local account.
- Click 'OK' and then 'APPLY' to add the user or group.
- Repeat this process as necessary.
Restricting User Access to Views
- From within the Views panel of the Canary Admin application select 'Configuration' and then 'Access'.
- Click 'ADD...' from the 'DENY' window to launch the Microsoft Object Picker user interface.
- You may now select either a individual user or group of users that has been established with Microsoft Active Directory or a Windows Local account.
- Click 'OK' and then 'APPLY' to restrict the user or group.
- Repeat this process as necessary.
Configuring Data Access Security and Permissions
Once users are authenticated, you may then enable Views security and then select which Views, DataSets, branches, and even which tags they have access to either read, write, or read/write from and to.
Enable on Views Security
- From within the Views panel of the Canary Admin application select 'Security' and then 'Settings'.
- Check 'Security Enabled' and then 'APPLY'.
Configure Views Security Permissions
Both explicit and inherited permissions can be administered to Views, DataSets, branches, and individual tags. Explicit permissions are applied by default when an object is created and will take precedence over an inherited permission.
If a user is listed within the 'Explict Permissions' along with a group they also belong to, make sure the user is ordered above the group by clicking and dragging them above the group.
When configuring Explicit Permissions you can choose from the following:
- None - will keep the user or group from accessing this branch and any other sub nodes or tags within it.
- Read - will allow the user or group to read data from this branch and any other sub nodes or tags within it.
- Write - will allow the user or group to write annotations and potentially tag values to this branch and any other sub nodes or tags within it.
- ReadWrite - will allow the user or group to both read or write annotations and potentially tag values to this branch and any other sub nodes or tags within it.
- From within the Views panel of the Canary Admin application select 'Security' and then 'Permissions'.
- From the 'BROWSE' window, select the top level of the browse structure (will be highlighted when successful).
- Click 'ADD...' from the 'EXPLICIT PERMISSIONS' window.
- Select 'user...' to launch the Microsoft Object Picker user interface.
- You may now select either a individual user or group of users that has been established with Microsoft Active Directory or a Windows Local account. Click 'OK'.
- With the user info now listed, choose the level of access you wish to grant, then click 'ok'.
- Repeat for other users or groups if necessary.
- You must click 'APPLY' to set the permissions.
This process can now be repeated for all other views, DataSets, branches, and tags. By applying an access setting of 'None', all other sub nodes, branches, and tags will inherit this permission.
Likewise, if a branch has been set to 'None', selecting a sub branch or even tag within the branch and setting the access to 'Read', 'Write', or 'ReadWrite' will grant access to that item and all sub nodes, branches, or tags within.
The 'INHERITED PERMISSIONS' window is useful for displaying how the explicit permissions already defined effect the currently selected View, DataSet, branch, or tag.
Monitoring Permissions
Two tools can be used for viewing current permission rules. The 'EFFECTIVE PERMISSION' window found with the 'Permissions' menu can display either user or group access levels for each View, DataSet, branch, or tag as they are selected within the 'BROWSE' window.
Additionally, the 'Overview' menu will display each View, DataSet, branch, or tag path in which security permissions have been applied and these permissions effect user and/or group access levels.