Create the PI identity for the interface
- Last UpdatedApr 03, 2023
- 1 minute read
The PI identity controls access to objects in Data Archive. The recommended best practice for Data Archive security is to use an identity that has only the access rights which are necessary for the interface to operate.
Use PI SMT to create PI identities and PI trusts, and update mappings between trusts and identities. Optionally, use Buffering Manager to create the trust for the buffering application.
-
Choose an existing PI identity for the interface or create a new PI identity.
Note: Select an identity with a lower privilege level. OSIsoft discourages using highly-privileged identities in PI trusts for interfaces.
You can create trusts based on PI API application names for more secured trusts for the interface.
-
Create a PI trust that maps to the PI identity and matches the credentials of the interface.
OSIsoft recommends using two or more matched items in a trust (commonly referred to as a 2+ Trust). These matched items are the interface application name, interface node name, and IP address.
Trusts are required for each interface instance and executable that connects to Data Archive. The minimum required trusts are one for the interface and one for the buffering subsystem. During setup, creating trusts for apisnap and PI-SDK utilities is helpful for testing communication between the interface node and Data Archive.