Create a list of unique access strings
- Last UpdatedMay 30, 2025
- 2 minute read
- PI System
- PI Server 2018
- PI Server
Examine the spreadsheet containing the access permissions for the Data Archive server. Collapse all the items that have the same access. This should give you a list of unique access strings. If you are compiling this list before upgrading to 3.4.380, then the access strings will be in the owner/group/world format. If you compile the list after upgrading, it will be in the new format.
For example, the following table contains the data security for a set of points on a Data Archive server that uses the old security model. Notice that the access permissions are exactly the same for most of the tags.
|
point |
dataaccess |
datagroup |
dataowner |
|---|---|---|---|
|
tag1 |
o:rw g:r w:r |
pi_ops |
bob |
|
tag2 |
o:rw g:r w:r |
pi_ops |
bob |
|
tag3 |
o:rw g:r w:r |
pi_ops |
bob |
|
tag4 |
o:rw g:rw w:r |
pi_eng |
nancy |
|
tag5 |
o:rw g:r w:r |
pi_ops |
bob |
The following table shows what the same access permissions look like after upgrading to PI Server 3.4.380.
|
point |
datasecurity |
|---|---|
|
tag1 |
bob: A(r,w) | pi_ops: A(r) | PIWorld: A(r) |
|
tag2 |
bob: A(r,w) | pi_ops: A(r) | PIWorld: A(r) |
|
tag3 |
bob: A(r,w) | pi_ops: A(r) | PIWorld: A(r) |
|
tag4 |
nancy: A(r,w) | pi_eng: A(r,w) | PIWorld: A(r) |
|
tag5 |
bob: A(r,w) | pi_ops: A(r) | PIWorld: A(r) |
What we want to do is collapse these access permissions into a set of unique access strings. It does not matter whether we use the owner/group/word notation or the ACL strings. We will use ACLs for the rest of this example.
We would then have the following:
|
point |
datasecurity |
|---|---|
|
datasecurity for tag4 |
nancy: A(r,w) | pi_eng: A(r,w) | PIWorld: A(r) |
|
datasecurity for: tag1, tag2, tag3, tag5 |
bob: A(r,w) | pi_ops: A(r) | PIWorld: A(r) |
In this manner, reduce all your access permissions to a set of unique access strings. The next step is to determine what PI groups you need, based on this list.