Configure the PI AF server permissions for Process Identity Client

Note: This section only applies if installing in an environment whose end users only use OpenID Connect authentication and you selected the authentication option Use OpenID Connect with Process Identity Client ID for the PI Vision Connection to PI Data Archive and AF Servers. (This is the only valid selection if your PI Vision server is not installed on a domain.) Otherwise, proceed to Configure security.

The Process Identity Client must be granted the required access permissions on the PI Asset Framework (PI AF) server. On each PI AF server that you plan to access through AVEVA PI Vision, follow these steps:

1. Create a PI AF identity and mapping for Process Identity Client.

2. Grant the PI AF identity the required access permissions.

3. Configure Process Identity Client access to a PI AF database for each AF database that you want to access through AVEVA PI Vision.

4. Process Identity Client read access for PI AF objects for all the PI AF elements, event frames, and tables that you want to access through AVEVA PI Vision.

Individual AVEVA PI Vision users access the PI AF server data through their own accounts. If existing PI AF users get PI AF access through their accounts, then you do not need to configure access for these users. If users get PI AF access through a local group or account on the PI AF server, then they will not be able to see AF objects in AVEVA PI Vision.