Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ PI Server Installation and Configuration (PI Server 2018)

TABLE OF CONTENTS

Authentication for linked tables

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedOct 02, 2024
  • 2 minute read

When a client application requests external data, the PI AF server queries the external data source and returns the data to the client as a read-only PI AF table.

For externally linked tables, the OLE DB provider and the PI AF server should share the same bitness (32-bit or 64-bit). To configure an external table connection in PI System Explorer, for example, you would use a PI AF server of the same bitness (typically, 64-bit).

When you configure the linked table, you must specify the credentials that the PI AF server uses to connect to the database. The authentication options are:

  • Impersonate Client

    If the source database supports Windows authentication, use the Windows identity of the client that is requesting the data. This is an impersonated connection. This is the most secure method of authentication and should be used wherever possible.

  • Supply Password

    If the source database does not support Windows authentication, or if the database and PI AF server are on different, non-trusted domains, specify a user name and password with the necessary access on the source database. PI AF uses this hard-coded account to read the data in the external data source. For example, MySQL database does not support Windows authentication, so you would use the user name and password of an account on the MySQL database.

    Note: You can enter a user ID and password as part of the connection string and save it with a PI AF table connection, regardless of whether support for external PI AF tables for non-impersonated users has been previously enabled (with the afdiag /DTImp command).

  • No additional security context

    This option usually applies when you use Excel or other file-based data sources; otherwise every user needs to be granted read access to the file on the server. With this option, the external table will be accessed using the PI AF server's identity. In this case, you do not need to specify a username or password when configuring the linked table, nor is Kerberos configuration required.

    Caution: Take care to configure SQL security in such a way that the PI AF server's identity does not have more privilege than necessary to retrieve the data. Only PI AF administrators are allowed to configure external tables for security reasons. For that reason, ensure that the PI AF Administrators identity and the Admin access right are assigned to only a limited set of users when this connection mode is enabled.

TitleResults for “How to create a CRG?”Also Available in