Process Identity Client read access for PI AF objects

Note: This section only applies if installing in an environment whose end users only use OpenID Connect authentication and you selected the authentication option Use OpenID Connect with Process Identity Client ID for the PI Vision Connection to PI Data Archive and AF Servers. (This is the only valid selection if your PI Vision server is not installed on a domain.) Otherwise, proceed to Configure security.

The Process Identity Client needs Read and Read Data access to each PI AF element, table, and event frame that you want accessible through AVEVA PI Vision.

You can set access permissions for PI AF objects with PI System Explorer. See the PI Server topic PI AF object security.

You can also set access permissions for PI AF objects with PI Builder. PI Builder is a Microsoft Excel add-in that lets you edit PI AF objects in bulk. If you need to edit the security settings for many objects, then PI Builder is the best choice. See the PI Server topic Security.

Note: In PI AF, library objects are always readable regardless of their security settings. This means you do not need to grant read access for the following PI AF objects: categories, templates, enumeration sets, reference types, and UOMs.