Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ PI Server Installation and Configuration (PI Server 2024 R2)

TABLE OF CONTENTS

Learn how to configure PI ICU

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedFeb 12, 2025
  • 3 minute read

When PI ICU is installed on an interface node, the PI ICU obtains permissions to access Data Archive objects by logging on with some form of credentials. The Data Archive server authenticates these credentials and establishes a security context for each client program. The security context is specific to the credentials used to log on. Each securable Data Archive object has access control information. Authorization for a client program to access a securable Data Archive object is determined by comparing information in the security context with the access control information for the object.

Several methods are available for logging on:

  • Explicit login

  • PI trust

  • PI mapping (requires PI Server version 3.4.380 or later and PI SDK 1.3.6 or later)

The PI ICU is an interactive application and all the methods for logging on to the Data Archive server can be used.

If the PI Server server is version 3.4.380 or later, we recommend using Windows security through PI mappings. Windows security provides the strongest authentication and full Windows account traceability in the Data Archive log and audit trail records.

Module database permission

The PI ICU creates the module interfaces under the %OSI module. PI ICU configuration settings are stored in a hierarchy of modules under the interfaces module.

The PI ICU requires the following:

  • Write access for the PIModules table (Database Security) in order to create modules

  • Write access for the %OSI module in order to create the interfaces module

  • Write access for the interfaces hierarchy to register interface instances with PI ICU and to change configuration settings

Digital State Table Permissions

When PI ICU starts, it checks for the existence of a digital set named InterfaceStatus. If this digital set does not exist, PI ICU requires write access for the Data Archive digital state table (PIDS in Database Security) to create the InterfaceStatus digital set.

When UniInt Failover is configured for an interface instance, PI ICU checks for the existence of a digital set that is used by special UniInt Failover digital points. If this digital set does not exist, PI ICU requires write access for the Data Archive digital state table (PIDS).

The ICU controls for some interfaces can create specific digital sets that the interface needs. Since ICU controls run inside the PI ICU process, PI ICU requires write access to the Data Archive server digital state table for an ICU control to create digital sets. See the ICU control section of the interface user guide for more detail.

Point Database Permissions

PI ICU can create, edit, or delete the following types of points that are common to UniInt-based interfaces:

  • PI Perfmon Performance Counter Points

  • UniInt Performance Points

  • UniInt Health Points

To create or delete these types of points, PI ICU requires write access for the Data Archive PIPOINT table (Database Security).

To edit or delete individual points of these types, PI ICU requires write access for each point. PI points have two sets of security attributes: one set controls access to the point attributes and the other set controls access to the point data. PI ICU needs write access for point attributes of these types of points. PI ICU does not access point data.

The ICU Controls for some interfaces have the ability to create interface-specific points. Consult the user guide for each interface that PI ICU manages. Since ICU Controls run inside the PI ICU process, the PI ICU requires write access for the Data Archive PIPOINT table for an ICU Control to create points.

In This Topic
TitleResults for “How to create a CRG?”Also Available in