Generic filters
Exact matches only

Use Multiple Sites for Security

Visual KPI supports the use of multiple sites for security, allowing you to have a finer level of control over who will have what type of access to your various KPI data.

If you have only a single set of users who all need the same access to all of your KPI data, then implementing Active Directory security on your Visual KPI site is easy enough.

But, what if you have multiple user groups, each of which needs access to different sets of KPI data, and/or different levels of access, such as read-only as opposed to edit? How can you assign different levels of access to each of the different user groups?

Well, you can’t if you only have a single Visual KPI site. You may want to consider having multiple sites for security reasons.

The following is an example implementation of Active Directory security using multiple Visual KPI sites.

ACME Manufacturing Example

Let’s look at an example where multiple Visual KPI sites would be required to implement Active Directory security.

ACME Manufacturing has two plants, each of which has its own set of KPIs. ACME wants to have multiple levels of access to KPI data, based on an employee’s job title. Some users will only need to view the KPI data on the website, while others will need to use Visual KPI Designer to edit the KPI configuration data. Additionally, ACME wants to limit KPI visibility based on an employee’s location.

The following table shows the different groups of ACME users, listed across the top row. In the first column is the list of required access levels, broken down by location.


VKPI Admins

Corp Execs

Plant 1 Mgr

Plant 1 Supv

Plant 1 Tech

Plant 2 Mgr

Plant 2 Supv

Plant 2 Tech










Plant 1 Web Site









Plant 1 Web Editor









Plant 1 Web Service









Plant 2 Web Site









Plant 2 Web Editor









Plant 2 Web Service










ACME will need six Active Directory User Groups:

  • One for each site (Plant 1 website, Plant 2 website)
  • One for each plant for editing the KPI configuration data (Plant 1 VKPI Edit, Plant 2 VKPI Edit)
  • One for the Visual KPI Admins
  • One for the Corporate Executives

ACME’s Active Directory User Group membership would look like this:

AD Group nameUser Name
VKPI AdminsAdam
Corp ExecsBill
Plant 1 Web SiteCharlie, Dave, Ed
Plant 1 VKPI EditDave
Plant 2 Web SiteFrank, George, Harry
Plant 2 VKPI EditGeorge

The Read & Execute permissions would be assigned to the Virtual Directories as follows:

Virtual Directory NameAD Group Name
Plant1WebSitePlant 1 Web Site, VKPI Admins, Corp Execs
Plant1WebEditorPlant 1 VKPI Edit, VKPI Admins
Plant1WebServicePlant 1 VKPI Edit, VKPI Admins
Plant2WebSitePlant 2 Web Site, VKPI Admins, Corp Execs
Plant2WebEditorPlant 2 VKPI Edit, VKPI Admins
Plant2WebServicePlant 2 VKPI Edit, VKPI Admins

ACME will need to create a separate Visual KPI database for each of the Visual KPI sites. By organizing its data to reflect its sites and users, ACME will have a secure Visual KPI system running on multiple sites. Only those users who have been given explicit permissions can access ACME’s Visual KPI data.

Learn more

Enable security for Visual KPI, including an overview of all steps.

Was this article helpful?

Related Articles