About access permissions

Each PI identity, PI user, and PI group can be granted access permissions to objects on the Data Archive server (point data, modules, backup permissions, and so on). When a Windows user, PI interface, or other client application is authenticated and mapped to a PI identity (or user or group), then the Windows user or client application gets all the access permissions for the corresponding PI identity, user, or group.

Users that belong to more than one Windows group might be mapped to multiple PI identities, PI users, or PI groups. In this case, they get the cumulative access permissions for all the associated PI identities, users, and groups. In addition all users get the access permissions for PIWorld.

Note: SDK Applications connecting to a Data Archive server configured for Windows authentication (through SDK 1.3.6 and later) are authenticated through Windows, if possible. If Windows authentication succeeds, the access permissions are defined by that mapping, and not by a trust. See Windows authentication versus SDK trusts.