Exercise 3: Granting User and Application Access

Version 9

    Exercise 3 - Once you have viewed the video Configure Overall PI Data Archive Security for Users & SDK Applications, create new PI Identities for All Company, Consultants, and PI Vision on your PI Data Archive. Assign the necessary Database Security permissions to these PI Identities, as well as create mappings for the appropriate domain accounts or groups to these PI Identities.

     

    Use the task-based access permissions reference and the list you prepared in Exercise 2: Who and What Else Needs Access? to give the following PI Identities the following permissions:

    • 'All Company' - "Points: View data"
    • 'PI Vision' or (any other client tools i.e. ProcessBook, DataLink etc.) - "Points: View data"
    • 'Consultants' - "Points: View data", and "Points: Create"

     

    In the Configuring PI Data Archive Security - Cloud Environment:

    • pischool\iuser (Issac User) is a member of the active directory group All Company.
    • pischool\sconsultant (Sarah Consultant) is a member of the active directory group Consultants.

    You can use these accounts to verify that iuser can see data, and sconsultant can create PI Points.

     

    Since PISRV01 is a newly installed PI System with nothing relying on the PI World identity, you may disable it. Once completed, be sure to log into the machines or run applications under different accounts (i.e. pischool\iuser versus pischool\sconsultant) to confirm that your permissions were successfully configured.

     

    If you're not using the course Cloud Environment:

    You can create new active directory accounts or use ones that currently exist and map them to the PI Identities that you've created. Note that you will have to disable the PI World identity to perform a thorough test. Once completed, be sure to run applications under different accounts to confirm that your permissions were successfully configured.