Configure access permissions

You can view and configure access permissions for individual or multiple items by a PI AF identity on the Permissions tab of the Security Configuration window.

Note: If you signed on using OpenID Connect (OIDC), the Effective Access tab displays the current user's permissions on PI AF objects.

Items to Configure list

The content of the Items to Configure list is determined by which object is selected and may display access permissions for the entire PI AF hierarchy, a single database and containers, or a single container and single object.

To configure access permissions for only some of the items, you can clear those you do not want to configure.

Identities list

The Identities list contains a list of identities that have permissions for all checked items in the Items to configure list. You use the Add and Remove functions to manage which identities appear on the list.

If the currently connected PI AF server does not support identities (PI AF 2014 or earlier), the Security Configuration window displays access permissions for Groups or Users and you can add and remove Windows accounts using standard Active Directory windows.

Permissions list

As each identity is selected in the Identities list, the permissions associated with that identity for the checked entries in the Items to Configure list are shown in the Permissions list. You can allow or deny permissions as desired for each identity without losing the changes. The access permissions you set for each identity are retained until you click the OK, Cancel, or Apply button.

Note: If more than one Items to Configure entry is selected and the currently selected identity has one of the permissions in one or more, but not all entries selected in the Items list, the checkbox for that permission displays a dot () to indicate some entries in the Items list have the permission set whereas some do not.