Effective Access tab

You can view a user's access to items in PI AF on the Effective Access page of the Security Configuration window.

Effective access allows you to see a user's overall access permissions on items in PI AF, such as databases and collections, and is based on the user's current PI AF identity mappings. Each identity has its own set of access permissions on the PI AF server. Access permission settings allow or deny a user the ability to read, write, delete, and take additional actions on objects. A user's access rights are determined by "merging" or taking the union of all identities' allowed permissions and removing the union of all denied permissions. A user is then granted effective access to items based on the "merged" permissions of his or her mapped identities.

For example, the Windows user Maria is a member of the PI AF Engineers, Administrators, and Plant Operators identities. Both the Engineers and Administrators identities can read analyses, but the Plant Operators identity is denied access to reading analyses. As a result, Maria's effective access in PI AF is the ability to read analyses. To learn more about identities and mapping, see PI AF identities and mappings.

Effective Access

Account section

The Account section is where you enter a Windows domain user name, for example rsmith, to begin viewing his or her permissions on items. The user's security identifier and identity mappings are also displayed in this section.

Items to View Access list

The Items to View Access list is based on the items selected for security configuration on the Permissions tab. To view a user's permissions on an item, select the item in the Items to View Access list.

Permissions list

You can view a user's specific access permissions on a selected item in the Permissions list. For more information about assigned permissions, see List of access permissions.