Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ PI Server Installation and Configuration (PI Server 2018)

TABLE OF CONTENTS

SQL Server roles and permissions and PI AF

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedOct 03, 2024
  • 2 minute read

As part of the installation of an SQL Server for your PI AF SQL Server database, you must determine the appropriate SQL Server user roles and permissions. Review the following questions to help determine the answer for your PI AF server deployment.

Question

Answer

Does PI AF server require the sysadmin role?

No. We recommend always granting the least security privileges, which means you should not grant sysadmin privileges to PI AF server.

Does PI AF server require a login through the sa account?

No.

Does PI AF server require db_owner role?

No.

How many logins are required?

1 or 2.

Low privileged login for account that runs the PI AF server requires the db_AFServer role. This login should not be granted higher privilege than that. Never allow the PI AF server to connect to your SQL Server with sysadmin privileges.

For PI AF server in High Availability deployments, SQL Server replication is used. The PIAdmin user requires the db_owner role during installation or during changes to the SQL Server replication.

What roles / permissions does the PI AF server need during runtime?

The account that runs the PI AF Application Service must be assigned the db_AFServer database role membership for the PI AF SQL Server database. Use SQL Server Management Studio to edit the SQL Server login for the account.

See Create and configure SQL Server login.

Do end users connect to SQL Server?

No. We recommend that end users not be granted privileges on the SQL Server instance.

Must end users be granted access to SQL Server objects?

No.

Does PI AF server control user access to data stored in the SQL Server database?

Yes. Users do not connect to the SQL Server database. PI AF server use Windows authentication to identify users and performs AccessCheck on Windows security descriptors stored in the SQL Server tables to control user access to application data.

Does each user require a login to SQL Server?

No. Users do not connect to SQL Server.

Does the SQL admin have to manage user permissions to SQL Server objects?

No. Users do not connect to SQL Server.

Does the remote application require any Windows permissions on the SQL Server computer?

No. PI AF SDK never connects to SQL Server and therefore the user does not need any permission on SQL Server.

For PI AF High Availability management, the user running PI AF SDK must have the sysadmin role on the SQL Server instance, but no Windows operating system level privileges are required.

For SQL Server-based High Availability, such as Microsoft SQL AlwaysOn Availability Groups, PI AF SDK does not require the sysadmin role.

Is PI AF server compatible with SQL Server clustering, mirroring, and replication?

Yes.

Is PI AF server compatible with Microsoft SQL AlwaysOn Availability Group?

Yes.

TitleResults for “How to create a CRG?”Also Available in