Security Policies

See purchasing information for more details
security policies demo download

Product Overview

Security Policies allows administrators to assign security access permissions on individual objects (such as channels, devices, and tags) based on the role of the user interacting with the Runtime project. It is used in conjunction with the server's User Manager, which enables management of user groups, users, and default security settings.

Prior to KEPServerEX Version 6, the Security Policies advanced plug-in was an independently-licensed feature.

Security Policies



  • Allow and deny Dynamic Tag addressing
  • Organize security policies by user groups
  • Support for the following user group access categories:
    • Dynamic Addressing
    • I/O Tags
    • System Tags
    • Internal Tags
    • Browsing
  • Support for the following user group permissions types:
    • Read
    • Write
    • Browse
  • View and locate prior changes through the advanced plug-in interface’s font styling hierarchy and color scheme
  • Copy permissions for the current access category to/from a user group
  • Move permissions for the current access category to/from a user group
  • Clear all custom permissions from an access category

Available Languages

  • English

Release Notes



  • Resolved an issue where certain device properties could not be edited if the Security Policies Plug-In applied a custom access rule on the device. The Security Policies Plug-In created a reference on the device that the device interpreted as a client reference. By default, KEPServerEX does not allow device edits if a client is referencing the device. The Security Policies Plug-In is no longer treated as a client reference and allows edits.

Requirements and Restrictions

  • Client Application Support
    • User Level Support: OPC UA
    • Anonymous Login Support: OPC DA, OPC .NET, OPC AE, Wonderware SuiteLink, and GE IP NIO
  • Project Files
    • Once security permissions have been applied in the Security Policies tab, the project can only be saved as a .opf file; .xml is no longer an option.
    • A project that contains security permissions will require Security Policies to be installed in order to load the file.

What Is an Advanced Plug-In?

KEPServerEX is more than an OPC server—it’s a connectivity platform for industrial automation and IoT. Simply download KEPServerEX, and then select from Kepware’s library of more than 150 device drivers, client drivers, and advanced plug-ins to fit the communication requirements unique to your industrial control system.

An advanced plug-in extends the capabilities of the KEPServerEX connectivity platform. It provides enhanced server functionality, increasing the usefulness of data by transforming it beyond raw data in a device register.

Advanced plug-ins may be licensed individually or as part of suites, and can be licensed on demand as connectivity needs evolve.

Purchasing Information

Security Policies
Contact us for pricing

© PTC Inc. All Rights Reserved.