Learn about quick configuration

In this configuration you assign two levels of access permissions that apply to all Data Archive resources: users either get read/write or read-only access to everything. In AD, your users should be grouped according to these two levels of Data Archive access. On the Data Archive server itself, you need two identities, users, or groups on which to define access: one for read-only access and one for read-write access.

For this quick configuration, we take advantage of two built-in components that have preconfigured access permissions:

• piadmins:

  piadmins is a built-in PI group that is preconfigured with read-write access to all Data Archive resources. Because we use piadmins, we do not need to explicitly set access permissions for the read-write group. We simply create a mapping between piadmins and the AD group or groups that require read-write access.

  Note: piadmins has read-write access to everything on new installations. Upgrades do not automatically reconfigure the access permissions for piadmins, so this configuration option does not work. See Configuring security for Data Archive upgrades.

• PIWorld:

  PIWorld is a built-in PI identity that is preconfigured with read access to most Data Archive resources. You cannot use PIWorld directly in a mapping. However all authenticated users on the Data Archive server get at least PIWorld access. Map an AD group to any PI identity (or PI group or PI user). All the Windows users in that AD group will automatically get the access that is preconfigured for PIWorld. See The PIWorld identity for more on PIWorld.

  Note: This configuration relies on PIWorld access. It does not work if you disable PIWorld.