Grant PI Vision service account access permissions
- Last UpdatedJan 31, 2024
- 1 minute read
Note: This section doesn't apply if installing in an environment whose end users only use OpenID Connect authentication and you plan to select the authentication option OpenID Connect with Process Identity Client ID for the PI Vision Connection to PI Data Archive and AF Servers in the security settings. (This is the only valid option if your PI Vision server is not installed on a domain.) In that case, proceed to Run the installation kit.
The AVEVA PI Vision service account requires the following access permissions:
-
For each allowed Data Archive server: The AVEVA PI Vision service account needs read access to all PI points accessed by client users. See Configure PI Data Archive server access permissions.
-
For each allowed PI AF server: The AVEVA PI Vision service account needs read access to the PI AF servers and to all allowed PI AF databases on each PI AF server. In addition, the AVEVA PI Vision service account needs read access to all PI AF elements and tables that can be accessed by client users. See Configure PI AF server permissions.
-
Local security policy user rights: Run aspnet_regiis -ga domain\serviceAccount from the C:\Windows\Microsoft.NET\Framework64\<.NET version>\ directory.