Station homes

Niagara 4 uses the Java Security Manager to protect against malicious actors who may attempt to access station or platform data and APIs. The Security Manager uses signed policy files that specify the permissions to be granted for access to code from various sources. Included are tighter controls about which applications have access to parts of the file system. Two folders under the Workbench User Home serve to protect sensitive data while allowing authorized access to data that can be shared.

  • The stations sub-folder, otherwise known as the Protected Station Home (alias: protected_station_home) contains the running station’s file system, and may be accessed only by core Niagara software modules. Station items that are always in Protected Station Home, that is, items that are not under the shared sub-folder include the following folders, as applicable:

    • alarm

    • history

    • niagaraDriver_nVirtual

    • provisioningNiagara

    • dataRecovery

    All files in the stations folder root (config.bog, config.backup.timestamp.bog, etc.) are always in the Protected Station Home. For this reason, in Niagara 4 it is no longer necessary to blacklist or whitelist station files or folders.

  • The shared sub-folder, otherwise known as the Station Home (alias: station_home), allows all modules to have read, write, and delete permissions.

    The alias station_home retains the same file ORD shortcut (^) as used in NiagaraAX—only in Niagara 4 it points to the station’s shared sub-folder.

Figure 1. Example NiagaraAX station file folders compared to Niagara 4 station file folders
AX station folder N4 station folder

As shown in the figures above, comparing an AX station file folder structure (left side) to the same station migrated to Niagara 4, a number of folders are under this shared sub-folder. Included are folders and files used in graphical (Px) views or navigation, such as images, px, nav and so on. Modules that are prevented from writing to the station root by the Security Manager must write to the shared sub-folder.

Figure 2. File ORD for the Station Home in Niagara 4 now points to the shared folder


As shown in a station running above, the Station Home (alias: station_home) file ORD (^) now points to the contents of the shared sub-folder. Other items in protected Station Home are no longer accessible or visible.