Learn about security strings

You can use PI Builder to assign access permissions for an object. During retrieval, select the appropriate security columns in the Select Object Types and Column Headers window.

The security string has the following format:

userid1:access_type1(rights1)|userid2:access_type2(rights2)|... useridN:access_typeN(rightsN)

where:

• useridX identifies a user. Valid entries depend on the object type and the PI AF server version:

  • PI AF servers running 2012 (2.5) or older: For PI AF objects, either Microsoft Windows users or group accounts

  • PI AF servers running 2014 (2.6) or newer: For PI AF objects, AF security identities, such as Administrators, Engineers, Owner, and World

  • For PI points, either a PI user, PI group, or PI identity

• access_typeY indicates the access-rule type.

• rightsZ indicates the permissions affected by the rule. Specify the permissions in parenthesis and separate multiple permissions with a comma. PI points only support read and write permissions.

For example, on a 2012 PI AF server, the following security string gives the Everyone account permissions to read and read data, and it gives the ACME\bob account permissions to read, write, read data, write data, and delete:

ACME\bob:A(r,w,rd,wd,d)|Everyone:A(r,rd)

On a 2014 or newer PI AF server, the following security string gives the World AF identity permissions to read and read data, and it gives the Administrators AF identity all permissions:

World:A(r,rd)|Administrators:A(r,w,rd,wd,d,x,a,s,so,an)

The following table lists the supported access rules and the corresponding value to enter in the security string:

The following table lists supported permissions and the corresponding value to enter in the security string. PI points only support read and write permissions.

Note: If you do not specify a security string when publishing an object, PI Builder uses the default settings.