Review access permissions
- Last UpdatedJan 13, 2023
- 1 minute read
- PI System
- PI Server 2018
- PI Server
When you move to the new security model, typically the goal is to preserve the access permissions for your existing users. To do that, you first need to identify the existing access permissions. You need to look at the permissions for all the modules and points (data and configuration access), as well as for all items listed in the Database Security tool in PI SMT.
Note: If you do not need to preserve existing access permissions, then you can implement a new security configuration instead (Learn about configuring security on a new Data Archive installation).
When you export the existing data access permissions, each object will have an associated access control list (ACL). This is different from the old owner/group model. For example, in earlier versions of the Data Archive server, the access permissions for the sinusoid point might look like this:
|
Tag |
dataaccess |
datagroup |
dataowner |
|---|---|---|---|
|
sinusoid |
o:rw g:rw w:r |
pi_users |
bob |
When you upgrade the Data Archive server, those access permissions are converted to the new model and would look like this:
|
Tag |
datasecurity |
|---|---|
|
sinusoid |
pi_users:A(r,w) | bob:A(r,w) | PIWorld:A(r) |
See About access permissions on the PI Data Archive server for more information on the ACL.