PI AF collection security

The security descriptor for a PI AF collection determines access permissions to that collection, as well as default access permissions for new objects in the collection. For example, the Elements collection permissions determine which identities can create and delete elements. The Elements collection permissions are replicated as the security descriptor for any newly-created Element objects.

You can configure access permissions to collections at several points in the PI AF hierarchy. You can set them at the server level so that permissions assigned to identities on the server are also assigned to the same identities for every collection in every database (see Configure security for a PI AF server). You can set them at the database level so that permissions assigned to identities in a database are also assigned to the same identities for every collection in that database (see Configure security for a single PI AF database).

Note: Library objects (Templates, Enumeration Sets, Reference Types, and Categories) always have Read (r) permission regardless of their security settings.