Implement the quick-start security configuration

In this very simple model, users either get read-only access to everything on the Data Archive server or they get read/write access to everything on the Data Archive server. You do not configure different access levels for different PI resources. In AD, your users should be grouped according to these two levels of Data Archive access. (For AD configuration, your company's IT department is probably your best resource.)

1. Identify which AD group or groups will have administrator (read/write) privileges on the Data Archive server. Identify which groups will have read-only access.

2. Map the AD group that represents PI administrators to the built-in PI group called piadmins. You can map multiple AD groups to piadmins if needed. Because piadmins has predefined read/write access to all Data Archive configuration and data, all the Windows users in those AD groups will then get that level of access.

   Note: Be sure to use the piadmins group and not the piadmin user.

3. Map the AD group containing your read-only access users to the built-in PI group piusers. You can map multiple AD groups to piusers if needed. All the Windows users in those groups will be authenticated as piusers. Since all authenticated users get read access through the PIWorld identity, you do not need to explicitly configure access permissions for piusers.

Configure PI interfaces. See Configure PI interface connections using PI trusts.