PI point access permissions
- Last Updated Oct 04, 2024
Access to PI points is initially controlled by the PIPOINT entry in the Database Security tool in PI System Management Tools (SMT). While this sets a baseline for access permissions, it is important to note that individual PI points can be configured with more permissive access settings. This is achieved through the DataSecurity or PtSecurity attributes for each point, allowing granular control over who can read or write to specific points.
Types of security settings
PI point security consists of data security and point security.
| Type of security | Description |
|---|---|
| Data security | Determines who can access the point's data values, including snapshot and archive data. |
| Point security | Governs who can access and configure the point's attributes like Zero, Span, Descriptor, and other settings. |
You can have different access permissions for a point's attributes than for the point's data. For example, a user might be allowed to edit a point's data, but not to edit that point's attributes.
- Data Security: To view and edit point data, you also need read access to point security. If users do not have permission to view a point's attributes, they generally cannot see that point's data, because client applications require access to the point attributes to retrieve the data.
- Point Security: To view point attributes, you need read access to PIPOINT, and read access to the point security for the point itself. Similarly, to edit a point's attributes, you need read/write access to PIPOINT, and read/write access to the configuration for the point itself.
Configuring access permissions
You can set permissions at the point level to be more permissive than those defined by PIPOINT. This flexibility allows:
- Enhanced operational control: Grant broader access to critical points for specific users or groups.
- Customized security settings: Apply stricter access to points handling sensitive data, regardless of more lenient general access levels.
Common tasks and the required permissions
The following table lists required access permissions for basic tasks.
| Task | Required access permissions |
|---|---|
| View point data | Read access to PIPOINT, DataSecurity, and PtSecurity for that point |
| Edit point data | Read-write access to DataSecurity for that point; read access to PtSecurity and PIPOINT |
| View point attributes | Read access to PIPOINT and to PtSecurity for that point |
| Edit point attributes | Read access to PIPOINT and read-write access to Point Security for that point |
| Create a point | Read-write access to PIPOINT |
| Delete a point | Read-write access to PIPOINT and to PtSecurity for that point |
| Add a user to data security | Read-write access to both DataSecurity and PtSecurity |
| Edit a user's data security settings | Read-write access to both DataSecurity and PtSecurity |
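
The task table above can be applied mechanically when reviewing exported point security. The following is an added example, not code from the product or its documentation: it assumes ACLs exported as strings of the form `Identity: A(r,w) | Other: A(r)` and assumes a user's rights are the union of the rights of all identities they hold. The identities `Operators` and `Contractors` and the sample ACLs are constructed.

```python
import re

# Required rights per task, transcribed from the task table above ("r" read, "rw" read-write).
REQUIRED = {
    "view point data": {"PIPOINT": "r", "DataSecurity": "r", "PtSecurity": "r"},
    "edit point data": {"PIPOINT": "r", "DataSecurity": "rw", "PtSecurity": "r"},
    "view point attributes": {"PIPOINT": "r", "PtSecurity": "r"},
    "edit point attributes": {"PIPOINT": "r", "PtSecurity": "rw"},
    "create a point": {"PIPOINT": "rw"},
    "delete a point": {"PIPOINT": "rw", "PtSecurity": "rw"},
    "add or edit a user in data security": {"DataSecurity": "rw", "PtSecurity": "rw"},
}
ENTRY = re.compile(r"^\s*([^:|]+?)\s*:\s*A\(([rw,\s]*)\)\s*$", re.IGNORECASE)

def parse_acl(acl):
    """Parse 'Name: A(r,w) | Other: A(r)' into {name_lowercase: {'r', 'w'}}."""
    entries = {}
    for part in filter(str.strip, acl.split("|")):
        match = ENTRY.match(part)
        if not match:
            raise ValueError(f"unparseable ACL entry: {part!r}")
        rights = {c for c in match.group(2).lower() if c in "rw"}
        entries.setdefault(match.group(1).lower(), set()).update(rights)
    return entries

def effective(acl, identities):
    """Union of the rights granted to any of the caller's identities (assumed model)."""
    entries = parse_acl(acl)
    return set().union(*(entries.get(i.lower(), set()) for i in identities))

def allowed_tasks(identities, pipoint_acl, data_acl, pt_acl):
    """Return the sorted tasks from REQUIRED that the identities can perform on one point."""
    have = {"PIPOINT": effective(pipoint_acl, identities),
            "DataSecurity": effective(data_acl, identities),
            "PtSecurity": effective(pt_acl, identities)}
    return sorted(task for task, needs in REQUIRED.items()
                  if all(set(need) <= have[name] for name, need in needs.items()))

# Constructed sample ACLs; "Operators" and "Contractors" are hypothetical identities.
PIPOINT = "piadmins: A(r,w) | PIWorld: A(r)"
DATA = "piadmins: A(r,w) | Operators: A(r,w) | Contractors: A(r,w) | PIWorld: A(r)"
PT = "piadmins: A(r,w) | Operators: A(r) | PIWorld: A(r)"

if __name__ == "__main__":
    for who in (["Operators", "PIWorld"], ["Contractors"], ["piadmins"]):
        print(who, "->", allowed_tasks(who, PIPOINT, DATA, PT))
```

In the sample, `Contractors` holds read-write on DataSecurity but gets no tasks at all, because it lacks read access to PIPOINT and PtSecurity.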