What is in the new security model?

The new security model introduces a number of changes to the Data Archive server:

• Windows Authentication

  Previous versions of Data Archive had two methods of authentication: PI trusts and PI password authentication (typing in PI user name and password). PI Server 3.4.380 adds a third method: Windows authentication. This method is more secure than the other two and is now the recommended method for authenticating connections.

• New Access Permissions Model

  The owner/group/world model of access permissions has been replaced with access control lists that allow you to define permissions for as many different purposes as you need. You are no longer restricted to one owner, one group, and everyone else.

• PI Identities

  The old model had only PI users and PI groups. This model was based on the necessity for managing user accounts on the Data Archive server. The new model provides PI identities. The PI identity is essentially an abstraction layer. It allows you to map Windows groups or users to categories of access on the Data Archive server without creating a separate set of credentials.

• Mappings

  Mappings are the mechanism for associating Windows users or groups with PI identities. You can also create mappings to existing PI users and PI groups.

• New Version of PI SMT

  PI SMT has changed to support the new security model. A new Backup tool is included, as well as a Security Settings tool and a Firewall tool.

You can replace these components over time.

Note: Previous versions of Data Archive had a built-in PI user and a built-in PI group that were both named piadmin. The name of the PI group called piadmin has been changed to piadmins (plural) for consistency. Similarly, previous versions of Data Archive had a built-in PI user and a built-in PI group that were both named piuser.