Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

PI AutoPointSync

TABLE OF CONTENTS

PI Trusts and security permissions for PI APS

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedMar 07, 2023
  • 2 minute read

To grant the required security permissions to PI APS, PI Trusts can be created that allow PI APS programs from a specific computer, or from any computer, to automatically log on. For details about PI Trusts, see the PI Server documentation.

Each PI Trust must have a unique name. For example, if multiple PI APS nodes are used with one PI Server, the trust names for the PI APS programs on each computer must be different.

PI Trusts can specify the trusted Interface Node by either its network node name or IP address. If a name resolution service, like DNS, is available, OSIsoft recommends using the IPHost attribute as shown in the following examples. To specify the Interface Node by IP address, replace the IPHost attribute with the IPAddr attribute, which must be accompanied by the NetMask attribute.

PI APS Configuration Utility

The following trust allows the PI APS Configuration Utility on the computer named in the trust to automatically log on to the PI Server:

Trust = PIAPSConfigTrust
AppName = PIAPSConfig.exe
IPHost = Host name of the computer where PI APS is located
PIUser = identity

In this trust, the identity must have the access permissions in the table for the PI APS Configuration utility with full functionality.

Note: With this PI Trust, anyone who can log on to the PI APS computer can use the PI APS Configuration Utility to change PI APS configuration settings.

OSIsoft recommends PI Mappings over PI Trusts to control the Windows accounts that have access to the full functionality of the PI APS Configuration Utility. To obtain similar security with PI Server versions earlier than 3.4.380, add the Domain and OSUser attributes to the trust definition and create individual PI Trusts for each Windows account that is allowed to change PI APS configuration settings.

PI APS Synchronization Engine

The following trust allows the PI APS Synchronization Engine on the computer named in the trust to automatically log on to the PI Server.

Trust = PIAPSEngineTrust
AppName = PIAPSEngine.exe
IPHost = Host name of the computer where PI APS is located
PIUser = identity

In this trust the identity must have the access permissions in the table for the PI APS Synchronization Engine.

PI APS Synchronization Trigger Service

The following trust allows the PI APS Synchronization Trigger service on the computer named in the trust to automatically log on to the PI Server.

Trust = PIAPSTriggerTrust
AppName = PIAPSSyncTrigger.exe
IPHost = Host name of the computer where PI APS is located
PIUser = identity

In this trust the identity must have the access permissions in the table for the PI APS Synchronization Trigger service.

In This Topic
TitleResults for “How to create a CRG?”Also Available in