Initial configuration steps

When you migrate your Data Archive server to the new security model, you need to create an initial configuration that authenticates Windows users and grants them the appropriate access permissions on the Data Archive server. You can use components of your existing configuration, which you can replace over time.

1. Review existing access permissions.

   Export the access permissions for all existing points and modules and for all the entries in the PI SMT Database Security tool. See Review access permissions.

2. Create a list of unique access strings.

   You will use this list to determine the needed sets of access permissions. See Create a list of unique access strings.

3. Create a configuration plan.

   Identify which PI groups you will keep and which are redundant. If you have any sets of access permissions that are not covered by existing PI groups, determine how you will fill those gaps. See Create a configuration plan.

4. Create new identities to fill gaps.

   If you decided to create new PI identities to fill configuration gaps, create them now. See Create PI identities to fill gaps.

5. Review AD groups.

   Determine how your AD groups correspond with your configuration plan. You might need to create new AD groups or adjust group membership. See Review AD groups.

6. Create the mappings.

   Set up mappings between AD groups and PI groups and identities. See Create mappings in SMT.

7. Verify initial configuration.

   Check your new security configuration to make sure that everyone is getting the correct level of access. See Verify initial configuration.