Servers earlier than 3.4
- Last UpdatedMar 04, 2025
- 2 minute read
Earlier Data Archive versions use the owner/group/world model for access permissions.
Each object can have one owner, which must be a PI user; and one group, which must be a PI group. You can set the access for the owner, the access for the group, and the access for everyone else (called world access).
Each resource has one (and only one) associated group. When a user is not the owner of a particular PI resource (such as a point or database), Data Archive checks to see if the user is a member of the group that is associated with that resource. If so, then the user gets whatever access level the group has.
Since each resource has only one associated group, you sometimes need to create additional groups to give access to all the users who need it. For example, the following figure illustrates an organization with three groups: Developers, Managers and Operators. One user is a member of both the Developers and the Managers group.
Suppose that all the users in the Developers and Managers groups need read-write access to a particular resource, such as the attributes for the Sinusoid point. Because a resource can have only one associated group, you could create a group called DevMan that contains all the developers and all the managers and then associate that resource with the new group.
Typically, you create different PI groups for groups in your organization that need different point access.