Grant PI Vision Process Identity Client access permissions

Note: This section and its subsections only apply if installing in an environment whose end users only use OpenID Connect authentication and you selected the authentication option Use OpenID Connect with Process Identity Client ID for the PI Vision Connection to PI Data Archive and AF Servers in the previous section. (This is the only valid selection if your PI Vision server is not installed on a domain.) Otherwise, proceed to Configure security.

The Process Identity Client is an AVEVA Identity Manager client that is created while configuring PI Vision for OpenID Connect authentication. PI Vision can use the Process Identity Client to authenticate to Data Archive and PI AF Servers that support OpenID Connect. By default, the Process Identity Client has an ID in the format:

PIVision_ProcessIdentity_COMPUTERNAME

Where “COMPUTERNAME” is the host name of the machine on which PI Vision is installed. Check the Security > Identity page on the PI Vision Administration site to confirm the ID of your Process Identity Client.

The Process Identity Client requires the following permissions:

• For each allowed Data Archive server: The Process Identity Client needs read access to all PI points accessed by client users. See Configure PI Data Archive server access permissions.

• For each allowed PI AF server: The Process Identity Client needs read access to the PI AF servers and to all allowed PI AF databases on each PI AF server. In addition, the Process Identity Client needs read access to all PI AF elements and tables that can be accessed by client users. See Configure PI AF server permissions.