Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ PI Server Installation and Configuration (PI Server 2024 R2)

Understand setting minimum permissions for interfaces

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
TABLE OF CONTENTS

Understand setting minimum permissions for interfaces

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedFeb 12, 2025
  • 1 minute read

Most interfaces are granted too many permissions on Data Archive. Configuring only required permissions is a standard defensive measure to limit the impact in the event of compromise. Because most interfaces are configured for buffering, most interfaces themselves actually require no write permission to points. Most interfaces only require permission to read the configuration of all their points. Only the buffering process, such as PI Buffer Subsystem or PI Buffer Server, needs permission to write data to points, but does not require read permission for points.

Follow these best practices when configuring permissions for interfaces:

  • Grant minimum permissions to the interface and buffer subsystem.

  • The interface and the buffer subsystem should be split into two different PI identities as they have two different needs.

  • Avoid assigning them to the same identity as this gives more permissions than required.

TitleResults for “How to create a CRG?”Also Available in