Understand PI AF security
- Last UpdatedMay 21, 2025
- 1 minute read
- PI System
- PI Server 2024 R2
- PI Server
PI Asset Framework (AF) supports both claims-based authentication with OpenID Connect (OIDC) and integrated Windows security for authentication. PI AF also provides its own authorization to PI AF objects through PI AF identities and mappings.
You can map roles to PI AF identities on claims-aware PI AF servers. See Map a role to a PI AF identity for more information.
Note: The security configuration information described in this section presumes a PI AF 2015 server and a PI AF 2015 client.
The PI AF security model enables administrators to configure access for PI AF identities at each level of the PI AF hierarchy. PI AF uses Windows integrated security to grant or deny connection to the PI AF server, view or edit databases, and change collections.
For detailed information on how security is implemented on Data Archive, see Understand Data Archive security.
Video
For information on how to create, map, and grant permissions to PI AF identities on a PI AF server that uses Windows authentication, watch this video:
Related Links
- Learn about identities and mappings
- List of PI Asset Framework (AF) identities
- Learn about security hierarchy
- List of security inheritance for objects
- List of access permissions
- Scenarios for using the Deny permission option
- Access permissions
- Security for PI AF server
- PI AF database security
- PI AF collection security
- PI AF object security
- Configure security for the UOM database
- Security model differences: PI AF and Data Archive