PI trust authentication process

If you understand how the Data Archive server authenticates PI trusts, it will be easier to understand how to configure the PI trust:

1. When an application attempts to connect, it sends some connection information to the Data Archive server. The connection information includes the application name, and some information about the computer that the application is running on.

   The connection information is different depending on whether it is a PI API connection or a PI SDK connection. You need to know the type of connection in order to configure the PI trust. See Connection types.

2. The Data Archive server compares the connection information sent by the application to each PI trust defined on the Data Archive server. Each PI trust is defined by a trust record in the trust table. Each field in the PI trust record is compared to the corresponding field in the connection credentials. You can leave some fields blank when you define the PI trust. Blank fields are not compared to the connection credentials. Every field that is not blank in the trust record must exactly match the passed credentials. Otherwise, the authorization is not granted. The more information you enter in the PI trust definition, the more difficult it is for an interface or client application to match the trust.

3. The Data Archive server compares connection credentials to each trust record. If only one record matches exactly, that record is used to grant login. If more than one record contains matching fields, then the record that matches most closely is used.

4. If a match is found, the connection is granted the same access permissions as the PI user, group, or identity defined in the trust.