Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

Asset Framework and PI System Explorer (PI Server 2018)

TABLE OF CONTENTS

Built-in PI AF identities

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedJul 09, 2023
  • 2 minute read

The following table includes a list and descriptions of all the built-in PI AF identities.

PI AF identity

Description

Administrators

By default, this identity has all access permissions to every collection and object on the PI AF server, including all databases. It cannot be modified or deleted. Mappings, however, can be added and removed, and this identity can be denied access permissions to objects if the need arises.

Access to this identity should be restricted to only a few users.

Asset Analytics

(Part of PI Analysis Service installation.) This identity has the necessary access permission to work with analyses. By default, the account used to run PI Analysis Service is mapped to this identity during installation. Mappings to this account can be added or removed.

Asset Analytics Recalculation

(Part of PI Analysis Service installation.) This identity has Execute permission, allowing users mapped to it to backfill and recalculate analyses.1

Engineers

This identity has the same privileges as Administrators, with the exception of the Admin (a) permission. This identity is also not allowed to delete PI AF databases.

This identity should be restricted only to users who are defining the asset database. Additional identities should be created to narrow the scope of access within PI AF.

Notifications

(Part of PI Notifications Service installation.) This identity has the necessary access permission to work with notification rules. By default, the account used to run PI Notifications Service is mapped to this identity during installation. Mappings to this account can be added or removed.

Owner

This read-only identity can be explicitly added to the security configuration of specific PI AF objects to enable administrator users to configure privileges for the owner of an object. The following restrictions apply:

  • You cannot add mappings to this identity.

  • You cannot modify, disable, or delete this identity.

  • Beginning with PI AF 2018 SP2, this identity no longer automatically has Read and ReadData permission. Read and ReadData permission must be set in another of the user's mapped identities.

World

This identity has read access permissions to every collection and object on the PI AF server. It cannot be modified or deleted. Mappings, however, can be added and removed.

By default, this identity is mapped to the Windows Everyone users group.

1If you have installed 2017 (version 2.9) or later versions for the first time, users need to be added to the Asset Analytics Recalculation identity in order to backfill or recalculate. If you are upgrading from versions prior to 2017 (version 2.9), all users will automatically be mapped to Asset Analytics Recalculation identity. It is recommended that upon upgrading, such automatic mapping for all users is removed and users that require backfilling or recalculation permissions are explicitly mapped.

Note: In a typical installation, for security reasons, we recommend providing users with identities that grant them the minimum viable permissions to perform the tasks for their business needs.

TitleResults for “How to create a CRG?”Also Available in