
Asset Framework and PI System Explorer (PI Server 2024 R2)

Understand effective access

  • Last Updated Jan 13, 2025

Effective access lets you see a user's overall access permissions on PI AF objects, such as databases and collections. Access permissions are based on the user's current PI AF identity mappings. Each identity has its own set of access permissions on the PI AF server. Access permission settings allow or deny a user the ability to read, write, delete, and take additional actions on objects. A user's access rights are determined by merging the permissions of all mapped identities: the union of all permissions that those identities allow, minus the union of all permissions that they deny. The user is then granted effective access to items based on the merged permissions of their mapped identities.

For example, the Windows user Maria is a member of the PI AF Engineers, Administrators, and Plant Operators identities. Both the Engineers and Administrators identities can read analyses, but the Plant Operators identity is denied access to reading analyses. As a result, Maria's effective access in PI AF is the ability to read analyses. To learn more about identities and mapping, see Learn about identities and mappings.
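The merge rule stated above (union of allowed permissions minus union of denied permissions) can be modelled offline when reviewing identity mappings. The following Python sketch is an added example, not AVEVA code, and does not call the AF SDK; the identity names, permission labels and mappings are constructed sample data, and `effective_access` and `overridden_grants` are hypothetical helper names.

```python
"""Added example: effective-access merge rule over constructed data."""

EMPTY = (frozenset(), frozenset())

# Constructed sample data (assumption): per-identity allowed and denied
# permissions on a single AF object, not exported from a real PI AF server.
IDENTITY_ACES = {
    "Engineers":   ({"read", "write"}, set()),
    "Operators":   ({"read"}, {"delete"}),
    "Contractors": ({"read"}, {"write"}),
}
USER_MAPPINGS = {
    "rsmith": ["Engineers", "Operators"],
    "jdoe":   ["Engineers", "Contractors"],
    "guest":  ["Unmapped"],  # identity with no entry on this object
}


def effective_access(identities, aces=IDENTITY_ACES):
    """Union of all allowed permissions minus union of all denied ones."""
    allowed, denied = set(), set()
    for name in identities:
        allow, deny = aces.get(name, EMPTY)
        allowed |= allow
        denied |= deny
    return allowed - denied


def overridden_grants(identities, aces=IDENTITY_ACES):
    """Find grants that a deny on another mapped identity cancels.

    Returns {permission: (granting identities, denying identities)} so a
    reviewer can see which mapping is responsible for a lost permission.
    """
    report = {}
    granted = {p for n in identities for p in aces.get(n, EMPTY)[0]}
    for perm in sorted(granted):
        denying = sorted(n for n in identities if perm in aces.get(n, EMPTY)[1])
        if denying:
            granting = sorted(n for n in identities if perm in aces.get(n, EMPTY)[0])
            report[perm] = (granting, denying)
    return report


if __name__ == "__main__":
    for user, ids in USER_MAPPINGS.items():
        print(user, sorted(effective_access(ids)), overridden_grants(ids))
```

The `overridden_grants` report is the part worth reading during an access review: it names the identity whose deny entry removes a permission that another mapping grants.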

Effective Access tab

The Effective Access tab allows you to look up the permissions that users have on PI AF database objects. This tab contains the following sections:

  • Account

  • Items to View Access list

  • Permissions list

Account section

The Account section is where you enter a Windows domain user name, for example rsmith, to begin viewing his or her permissions on items. The user's security identifier and identity mappings are also displayed in this section.

Note: If you are using OpenID Connect (OIDC) for claims-based authentication and role mapping, the Effective Access tab shows the OIDC user's permissions on PI AF objects. The User SID field is not shown.

Items to View Access list

The Items to View Access list is based on the items selected for security configuration on the Permissions tab. To view a user's permissions on an item, select the item in the Items to View Access list.

Permissions list

You can view a user's access permissions on a selected database object in the Permissions list. For more information about assigned permissions, see List of access permissions.
