Updated access permission model
- Last Updated: Oct 04, 2024
- PI System
- PI Server 2023
- PI Server
Each entry in the Database Security editor has an Access Control List (ACL) string that defines the access permissions for that entry (all access permissions on the Data Archive server are defined by an ACL). The ACL lists each identity (or user or group) for which access permissions are set and what level of access that identity has. For example, the ACL for an entry might look like this:
Identity1:A(r,w) | Identity2:A(r,w) | Identity3:A(r) | IdentityN:A(r,w)
Access permissions for each PI identity are separated by a pipe (|) symbol. Each entry consists of the PI identity name, then a colon (:) followed by the access specifier. The access specifier is defined in the format: . The in this notation stands for and "r,w" indicates the allowed access rights – read and write, in this example.
The possible levels of access are read and write. The possible access rights string can be "r", "w", "r,w" or "" (null). Note that there is no level for deny, as there is in Windows.
Users that belong to more than one Windows group might be mapped to multiple PI identities, PI users, or PI groups. In this case, they get the cumulative access permissions for all the associated PI identities, users, and groups. In addition, unless PIWorld is disabled, all users get the access permissions for PIWorld.
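The cumulative model described above can be checked offline against an exported ACL string. The following is an added example, not code from the PI Server product or its documentation: the function names, the sample identity names, and the exact-match comparison of identity names are assumptions, and the grammar is inferred only from the example ACL shown on this page.

```python
import re

# Entry grammar assumed from the page's example: Name:A(rights), joined by "|".
ENTRY_RE = re.compile(
    r"^\s*(?P<name>[^:|]+?)\s*:\s*A\(\s*(?P<rights>[rw,\s]*)\)\s*$"
)

# Constructed sample ACL; identity names other than PIWorld are hypothetical.
SAMPLE_ACL = "Engineers:A(r,w) | Operators:A(r) | Auditors:A() | PIWorld:A(r)"


def parse_acl(acl):
    """Return {identity name: set of rights} for one ACL string."""
    entries = {}
    for raw in acl.split("|"):
        match = ENTRY_RE.match(raw)
        if not match:
            raise ValueError(f"malformed ACL entry: {raw!r}")
        rights = {r.strip() for r in match.group("rights").split(",") if r.strip()}
        if not rights <= {"r", "w"}:
            raise ValueError(f"unknown access right in entry: {raw!r}")
        entries.setdefault(match.group("name"), set()).update(rights)
    return entries


def effective_access(acl, mapped_identities, piworld_enabled=True):
    """Union of rights over every identity the user maps to.

    There is no deny level, so membership in an extra identity can only
    add rights. PIWorld applies to everyone unless it is disabled.
    """
    entries = parse_acl(acl)
    names = set(mapped_identities)
    if piworld_enabled:
        names.add("PIWorld")
    rights = set()
    for name in names:
        rights |= entries.get(name, set())
    return rights


def identities_with_write(acl):
    """List identities granted write, for review during an access audit."""
    return sorted(name for name, rights in parse_acl(acl).items() if "w" in rights)
```

With the sample ACL, a user mapped only to `Auditors` (null rights) still reads the entry through PIWorld, which is the case to look for when reviewing who can see a secured item.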