Understand PI identities
- Last UpdatedFeb 12, 2025
- 2 minute read
- PI System
- PI Server 2018
- PI Server
Once you have identified user categories, you designate a PI identity or group for each category. You can create your own PI identities, or you can use some of the built-in PI identities and groups that are included in the Data Archive installation.
Most of these are sample identities, not configured with access permissions. However the piadmins group is preconfigured with read/write access to all Data Archive resources. Using piadmins for your main administrator category can save you some configuration time.
The following example shows you how you might use built-in PI identities for the four user categories described in Understand how to identify user access categories.
-
Users:
Use the built-in PI group called piusers. This group does not have any preconfigured access permissions, so you will have to set those manually. As a short-cut you could rely on the PIWorld access permissions, rather than explicitly setting permissions for piusers. However, this model is less secure.
-
Engineers:
Use the built-in PI identity called PIEngineers. This identity does not have any preconfigured access permissions, so you will have to set those manually.
-
Administrators:
Use the built-in PI identity called piadmins. By default, this identity has read/write access to all Data Archive resources. You can adjust these access permissions as needed.
-
IT Administrators:
Create a PI identity called ITAdmins. You will need to set the access permissions manually.
Creating PI identities is just the first step. You also need to:
-
Map each AD group to the appropriate PI identity (Map AD groups to PI identities).
-
Configure access permissions for each PI identity (Understand how to configure access permissions).