Missing mapped principal
- Last UpdatedOct 04, 2024
- 2 minute read
- PI System
- PI Server 2018
- PI Server
This means that the PI module specifies access for a PI identity (or user or group) that is mapped to two or more Windows accounts; and one of those principals is not on the element security in PI AF.
Cause: Either of the following conditions:
-
A PI AF element is added to PI AF with only one of those principals on the security descriptor.
-
One of those principals was removed after PI AF and PI MDB were in synchronized state.
This problem will not arise for a one-to-one mapping between a PI identity and a Windows principal unless there are some major synchronization errors between MDB and PI AF (for example, they might be out of sync already for other reasons).
Consequences: The access permissions might not be the same for PI MDB and PI AF. This could be a problem if users are trying to work with objects in both PI MDB and PI AF.
Fixes (in order of preference):
-
Add all missing principals to the element.
-
Remove the remaining principal(s) from the element.
-
Edit the access permissions on the module to remove access for the PI identity. This will remove the remaining principals from element.
Note: AF Link does not automatically pick up changes in mappings. The change does not take effect until you edit the element in some way; this triggers AF Link to update the settings in PI MDB.
This problem will not arise for a one-to-one mapping between a PI identity and a Windows principal unless there are some major synchronization errors between MDB and PI AF (for example, they might be out of sync already for other reasons).