PI AF object and local machine permissions for PI Notifications Service
- Last UpdatedOct 02, 2024
- 1 minute read
- PI System
- PI Server 2018
- PI Server
When the PI Notifications Service is installed from the PI Server install kit, the following actions are taken:
-
The PI AF identity "Notifications" is created.
-
The PI Notifications Service account is mapped to the PI AF Notification identity.
-
The new identity is granted the PI AF object permissions listed in the following tables.
The setup process also grants the PI Notifications Service account permission to access the local machine directory.
Note: If an account has administration privileges on the PI AF server, then the account
has all security rights to all objects within the PI AF server, including all databases.
This is true whether the account is granted or denied specific rights on individual
objects.
If you change the PI Notifications Service log on account after installation, you
must make sure the new user has permissions to access necessary AF objects. The easiest
way to do this is to add a mapping for the user to the Notifications identity in the
PI AF server. The sections below describe the necessary permissions in detail.
PI AF server
|
PI AF object |
Permissions |
|---|---|
|
PI AF server and PI AF objects (database, elements, element templates, notification rules, enumeration sets, contacts, and categories) |
Read/Write, Read/Write Data, Annotate |
|
Event Frames |
Read/Write, Read/Write Data, Annotate |
Local machine permissions
|
Local machine directory |
Permissions |
|---|---|
|
%ProgramData%\OSIsoft\PINotifications |
Read, Write, Modify |