Generic filters
Exact matches only

Use Multiple Sites for Security

Visual KPI supports the use of multiple sites for security, allowing you to have a finer level of control over who will have what type of access to your various KPI data.

If you have only a single set of users who all need the same access to all of your KPI data, then implementing Active Directory security on your Visual KPI site is easy enough.

But, what if you have multiple user groups, each of which needs access to different sets of KPI data, and/or different levels of access, such as read-only as opposed to edit? How can you assign different levels of access to each of the different user groups?

Well, you can’t if you only have a single Visual KPI site. You may want to consider having multiple sites for security reasons.

The following is an example implementation of Active Directory security using multiple Visual KPI sites.

ACME Manufacturing Example

Let’s look at an example where multiple Visual KPI sites would be required to implement Active Directory security.

ACME Manufacturing has two plants, each of which has its own set of KPIs. ACME wants to have multiple levels of access to KPI data, based on an employee’s job title. Some users will only need to view the KPI data on the website, while others will need to use Visual KPI Designer to edit the KPI configuration data. Additionally, ACME wants to limit KPI visibility based on an employee’s location.

The following table shows the different groups of ACME users, listed across the top row. In the first column is the list of required access levels, broken down by location.


VKPI Admins

Corp Execs

Plant 1 Mgr

Plant 1 Supv

Plant 1 Tech

Plant 2 Mgr

Plant 2 Supv

Plant 2 Tech










Plant 1 Web Site









Plant 1 Web Editor









Plant 1 Web Service









Plant 2 Web Site









Plant 2 Web Editor









Plant 2 Web Service










ACME will need six Active Directory User Groups:

  • One for each site (Plant 1 website, Plant 2 website)
  • One for each plant for editing the KPI configuration data (Plant 1 VKPI Edit, Plant 2 VKPI Edit)
  • One for the Visual KPI Admins
  • One for the Corporate Executives

ACME’s Active Directory User Group membership would look like this:

AD Group name User Name
VKPI Admins Adam
Corp Execs Bill
Plant 1 Web Site Charlie, Dave, Ed
Plant 1 VKPI Edit Dave
Plant 2 Web Site Frank, George, Harry
Plant 2 VKPI Edit George

The Read & Execute permissions would be assigned to the Virtual Directories as follows:

Virtual Directory Name AD Group Name
Plant1WebSite Plant 1 Web Site, VKPI Admins, Corp Execs
Plant1WebEditor Plant 1 VKPI Edit, VKPI Admins
Plant1WebService Plant 1 VKPI Edit, VKPI Admins
Plant2WebSite Plant 2 Web Site, VKPI Admins, Corp Execs
Plant2WebEditor Plant 2 VKPI Edit, VKPI Admins
Plant2WebService Plant 2 VKPI Edit, VKPI Admins

ACME will need to create a separate Visual KPI database for each of the Visual KPI sites. By organizing its data to reflect its sites and users, ACME will have a secure Visual KPI system running on multiple sites. Only those users who have been given explicit permissions can access ACME’s Visual KPI data.

Learn more

Enable security for Visual KPI, including an overview of all steps.

Was this article helpful?

Related Articles