Configure PI AF server permissions

Note: This section doesn't apply if installing in an environment whose end users only use OpenID Connect authentication and you plan to select the authentication option OpenID Connect with Process Identity Client ID for the PI Vision Connection to PI Data Archive and AF Servers in the security settings. (This is the only valid option if your PI Vision server is not installed on a domain.) In that case, proceed to Run the installation kit.

PI Asset Framework (AF) uses Windows security. If you have a Windows group (domain, not local) that currently has the required access permissions, then you can just add the AVEVA PI Vision service account to that group. Otherwise, you will need to manually grant the required access by configuring read access for the AVEVA PI Vision service account. On each PI AF server that you plan to access through AVEVA PI Vision, follow these steps:

1. Create a PI AF identity and mapping.

2. Grant the PI AF identity the required access permissions.

3. Configure access to a PI AF database for each AF database that you want to access through AVEVA PI Vision.

4. Read access for PI AF objects for all the PI AF elements, event frames, and tables that you want to access through AVEVA PI Vision.

Individual AVEVA PI Vision users access the PI AF server data through their own Windows accounts. If existing PI AF users get PI AF access through their domain accounts, then you do not need to configure access for these users. If users get PI AF access through a local group or account on the PI AF server, then they will not be able to see AF objects in AVEVA PI Vision.