There is a mechanism in the DataHub program to restrict OPC UA clients to selected devices, according to specified DataHub data domains. The clients are distinguished either by user name or by certificate. Configuration is done as follows:
In the Security option of the Properties window create a new Group for each device.
For each user, create a user name or find the certificate for that user in the UserName list.
Add the user to the group for the appropriate device.
In the OPC UA Server section of the OPC UA option of the Properties window, choose Advanced.
Select Configure Data Domains and change it so that only certain user groups have access to the device data domains.
Once completed, this will require the DataHub instance to make a separate OPC UA connection to the UA server for each device, putting the data into separate device domains. If it is not possible to make multiple connections to the UA server, then you can make a single connection and use the DataHub Bridging feature to copy the data into separate domains.