Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

PI Integrator for Business Analytics

TABLE OF CONTENTS

Data security

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedJun 25, 2025
  • 2 minute read

Access to PI AF data within the PI Integrator for Business Analytics user interface, and what data can be published by PI Integrator services, depends on the impersonation setting for your PI Integrator for Business Analytics. Impersonation mode allows users to access PI AF resources from the PI Integrator user interface based on the AF Security permissions of an active directory account.

Application impersonation setting is off by default:

  • When configuring a view, users on client machines make requests to PI AF through PI Integrator Framework service. The user inherits the PI AF and PI Data Archive permissions that have been granted to the PI Integrator for Business Analytics service account.

  • All scheduled publications and updates by PI Integrator Sync service use the permissions granted to the PI Integrator for Business Analytics service account.

  • When the impersonation mode is off, the PI Integrator uses the AF Security permissions of the PI Integrator service account to access PI AF resources.

Application impersonation security setting is on:

  • When configuring a view for publication, a user makes requests for data to a PI AF Server through PI Integrator Framework service. The PI Integrator Framework service only returns data to the end user that has been granted read data access within PI AF Servers.

  • When impersonation is on, the AF Security permissions of a currently authenticated login user is used. Toggling the impersonation mode will allow the user to access PI AF resources with the AF Security permissions of the current authenticated login user. All scheduled publications and updates by PI Integrator Sync service use the permissions granted to the currently authenticated login user.

  • Starting in PI Integrator for Business Analytics 2020 R2 SP2, a list of the AF identities mapped to the view creator at the time of first publish for each view is used to determine what data a view can publish on each subsequent publish. Specifically, the user's access to the source PI AF server's AF objects (such as elements, attributes, and templates) for a view is determined by the AF Security permissions that are defined for that particular user's mapped AF identities of an active directory user account. When a view is published, the AF identities mapped to the user publishing the view are saved with the view configuration.

Related Links
TitleResults for “How to create a CRG?”Also Available in