List of access permissions

Read

r

Enables a user to view the object. Read security rights are required to view the object in client applications. The Read permission also enables a user to view configuration values from attributes of elements.

The following objects always have Read permission regardless of their security settings, so long as the logged-in user has Read access to the PI System and the PI AF database. The one exception is the notification contact template, where the logged-in user only requires Read access to the PI System:

• Analysis template

• Categories

• Element template

• Enumeration set

• Event frame template

• Model template

• Notification contact template

• Notification template

• Reference type

• Transfer template

• UOM database

Write

w

Enables a user to create and modify an object. The exception is that event frames and transfers also require Write Data permission on the element template from which they are created, and cases require Write Data permission on the analysis in which they are contained.

Read/Write

Not applicable

Enables a user to read and write to the associated object. When selected, automatically selects the Read and Write permissions.

Read Data

rd

Enables a user to read non-configuration values from attributes of elements (the Configuration Item property for an attribute is cleared). Additionally, this permission controls whether a user can see transfers created from a specific transfer element template. Similarly, it controls whether a user can see cases created in a specific analysis.

If the following objects have Read Data permission, they are also granted Read permission:

• Case

• Element

• Event frame

• Model

• Notification

• Transfer

Write Data

wd

Enables a user to write non-configuration values to attributes of elements (the Configuration Item property for an attribute is cleared). Additionally, this permission controls whether a user can create or modify event frames or transfers created from a specific transfer element template. Similarly, it controls whether a user can create or modify cases in a specific analysis.

Read/Write Data

Not applicable

Enables a user to read data and write data to the associated object. When selected, automatically selects the Read and Write Data permissions.

Delete

d

Enables a user to delete an object. Delete security rights are required to delete an object, either directly or indirectly by removing it from other objects.

Note: All users have Delete permission on the PI System regardless of other security settings as long as the logged-in user has Read access to the PI System. This permission enables the user to remove an AF Server from a list of registered servers on the local machine only.

Execute

x

Enables a user to queue backfilling or recalculation of analyses in the analysis service. It also enables a user to perform most actions on an analysis case.

Admin

a

Enables a user to modify the security settings, or owner, of an object. Administration security rights are required to force an Undo Check Out on an object that is checked out to another user, as well as to lock and unlock an event frame.

Note: Users with the administration permission on the PI AF server object are granted all rights not only to the system, but to all objects within the system, including databases.

Subscribe

s

Enables a user to subscribe and unsubscribe to a notification.

Subscribe Others

so

Enables a user to subscribe and unsubscribe other users to a notification.

Annotate

an

Enables a user to annotate and acknowledge event frames and annotate elements.

Note: This access right was added in PI AF 2016. After an upgrade from earlier server versions, objects with the Write Data (wd) access right are granted the Annotate access right automatically. Both client and server upgrades must use this new permission.