Alibek

Basic PI Identities Structure, Data Types and PI Security

Blog Post created by Alibek on Mar 6, 2019

 

In essence, the hierarchy of operational and IT support roles around a PI Server is common to all organizations:

[Figure: roles_hierarchy.png]

Here, “Area” stands for any organizational group, e.g. plants, branches, divisions, units, etc.

Based on this hierarchy, the following data types (PI points) can be used:

  • Area1 PI Points – data type related only to Area1
  • Area2 PI Points – data type related only to Area2
  • Area… PI Points – data type related only to Area…
  • IT/PI System Health PI Points – data type for PI System status monitoring/troubleshooting
  • Default PI Points – data type common to the whole organization

The following responsibilities were defined (for simplicity, it was assumed that the organization has Area1 and Area2):

[Figure: responsibilities.PNG]

The following matrices were created based on the Security Plan template from the Configuring PI Data Archive Security online course.

Derived PI Point Data and Point Security Access Matrix (where R – read-only, R/W – read-write, C – configure):

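| PI Identities | Area1 PI Points | Area2 PI Points | Area… PI Points | PI System Health PI Points | Default PI Points |
|---|---|---|---|---|---|
| Higher Management | R | R | R | R | R |
| Area1 Management | R | | | R | R |
| Area2 Management | | R | | R | R |
| Area… Management | | | R | R | R |
| Area1 Senior Operators | R/W | | | R | R |
| Area2 Senior Operators | | R/W | | R | R |
| Area… Senior Operator | | | R/W | R | R |
| Area1 Operators | R | | | R | R |
| Area2 Operators | | R | | R | R |
| Area… Operators | | | R | R | R |
| IT PI Support Team Leads | R | R | R | R | R/W |
| IT PI Backup Engineers | R | R | R | R | R |
| IT PI Administrators | R | R | R | R/W | R |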

 

Derived Database Security Tables Access Matrix (where R – read-only, R/W – read-write, C – configure):

| PI Identities | All PI Databases | PI Point | PIDS | PI Modules (will need to grant R/W on specific MDB Modules) |
|---|---|---|---|---|
| Higher Management | | R | R | |
| Area1 Management | R | | | |
| Area2 Management | R | | | |
| Area… Management | R | | | |
| Area1 Senior Operators | R | R/W | R/W | R/W |
| Area2 Senior Operators | R | R/W | R/W | R/W |
| Area… Senior Operator | R | R/W | R/W | R/W |
| Area1 Operators | | R | R | |
| Area2 Operators | | R | R | |
| Area… Operators | | R | R | |
| IT PI Support Team Leads | R/W | | | |
| IT PI Backup Engineers | R/W | | | |
| IT PI Administrators | R/W | | | |

The proposed high-level structure of PI Identities and the Active Directory hierarchy, together with the data types and derived access matrices, can be used as a basis for the initial PI Data Archive security configuration.
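One way to check a configured point against the point access matrix, as an added example that is not part of the original post: it parses a point's security string and reports every identity whose rights differ from the plan. It assumes security strings in the `identity: A(r,w) | identity: A(r)` form and that R maps to `r` and R/W to `r,w`; the names `PLAN`, `parse_acl`, `audit` and the sample ACL are hypothetical.

```python
import re

# Planned rights per point class, transcribed from the Area1 and Area2 columns of
# the point access matrix above (R -> "r", R/W -> "rw", blank cell -> no entry).
IT = {"IT PI Support Team Leads": "r", "IT PI Backup Engineers": "r",
      "IT PI Administrators": "r"}
PLAN = {
    "Area1 PI Points": {"Higher Management": "r", "Area1 Management": "r",
                        "Area1 Senior Operators": "rw", "Area1 Operators": "r", **IT},
    "Area2 PI Points": {"Higher Management": "r", "Area2 Management": "r",
                        "Area2 Senior Operators": "rw", "Area2 Operators": "r", **IT},
}
# Assumed entry syntax: "<identity>: A(<rights>)", entries separated by "|".
ACL_ENTRY = re.compile(r"^\s*(?P<identity>[^:|]+?)\s*:\s*A\((?P<rights>[rw,\s]*)\)\s*$")

def parse_acl(acl):
    """Parse 'identity: A(r,w) | identity: A(r)' into {identity: set of rights}."""
    entries = {}
    for part in acl.split("|"):
        m = ACL_ENTRY.match(part)
        if m is None:
            raise ValueError(f"unparseable ACL entry: {part!r}")
        entries[m["identity"]] = {c for c in m["rights"] if c in "rw"}
    return entries

def audit(point_class, acl):
    """Return sorted (identity, finding) pairs where the ACL deviates from the plan."""
    planned = {name: set(rights) for name, rights in PLAN[point_class].items()}
    actual = parse_acl(acl)
    findings = []
    for name in set(planned) | set(actual):
        extra = actual.get(name, set()) - planned.get(name, set())
        missing = planned.get(name, set()) - actual.get(name, set())
        if extra:  # more access than the matrix grants: least-privilege violation
            findings.append((name, "excess:" + ",".join(sorted(extra))))
        if missing:  # planned access not granted: the role cannot do its job
            findings.append((name, "missing:" + ",".join(sorted(missing))))
    return sorted(findings)

# Constructed sample: an Area1 point whose ACL drifted from the plan.
SAMPLE_ACL = ("Higher Management: A(r) | Area1 Management: A(r) | "
              "Area1 Senior Operators: A(r,w) | Area1 Operators: A(r,w) | "
              "Area2 Operators: A(r) | IT PI Support Team Leads: A(r) | "
              "IT PI Administrators: A(r)")

if __name__ == "__main__":
    for name, finding in audit("Area1 PI Points", SAMPLE_ACL):
        print(f"{name}: {finding}")
```

Any identity that is not in the matrix is reported as excess, so the plan has to list every identity that is expected to appear in an ACL.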
