7 Replies Latest reply on Aug 25, 2011 1:17 PM by dtakara

    AF Authentication for a Data Reference

    TomHosea

      We have written a Data Reference to evaluate several AF attributes and write a status back to another AF attribute. This DR is very similar to the examples for roll-up, string concatenation ... posted in vCampus.

       

      The dilemma, is that when a ProcessBook user with read-only access to the data tries to retrieve information using an Element Relative display, they receive an error message telling them that they don't have write permissions.

       

      Our current connection to AF is standard:

       

       

       
           Public myPISystems As New PISystems()
           Public myPISystem As PISystem
           Public myAFDB As AFDatabase
      
           Public sSystem As String
           Public sDataBase As String
      
           sAFServer = "MyServer"
           sDatabase = "MyDatabase"
      
           ' Open the PI System
           myPISystem = myPISystems(sAFServer)
      
           ' Check PISystems object, create if required
           If (myPISystem Is Nothing) Then myPISystems = New PISystems()
      
           ' Check AFDatabase object, create if required
           If (myAFDB Is Nothing) Then myAFDB = myPISystems(sAFServer).Databases(sDataBase)
           If Not myAFDB.Name.ToLower.Equals(sDataBase.ToLower) Then myAFDB = myPISystems.DefaultPISystem.Databases(sDataBase)
      
           ' Final confirmation to see if AF is connected
           ret = (Not (myAFDB Is Nothing))
      

       Is there a way to determine the credentials of the login? I would like to assume an administrators role when this DR connects rather than assuming the role of the ProcessBook user.

       

      Any suggestions are welcome.

       

      Tom Hosea

        • Re: AF Authentication for a Data Reference
          pcombellick

          Tom,

           

          Take a look at the AFElement.GetSecurity method.

           

          As for elevating the privileges of the ProcessBook user, I am doubtful that this is possible.

           

          Paul

            • Re: AF Authentication for a Data Reference
              TomHosea

              Hi Paul,

               

              Thanks for the response. I have changed the permissions on the AF Elements to include read/write privledges. This appeared to solve the problem. However, as I roll the application out to multiple users, the behavior in ProcessBook is inconsistent. Two users, with identical permissions can look at the same element relative display and show different results. Typically, "NO DATA" randomly appears. This may be a timing issue.

               

              I can login concurrently using an administrators account and experience no problems.

               

              Thoughts ... suggestions?

               

              Tom

                • Re: AF Authentication for a Data Reference
                  dtakara

                  Tom Hosea

                  However, as I roll the application out to multiple users, the behavior in ProcessBook is inconsistent. Two users, with identical permissions can look at the same element relative display and show different results. Typically, "NO DATA" randomly appears. This may be a timing issue.

                   

                  I can login concurrently using an administrators account and experience no problems.

                   

                  Hi Tom,

                   

                  In order to figure out what's wrong here, we must find out that the possible differences between these users: although they have identical permissions, do they happen to be on different locations (so that the quality/stability of their connectivity to the AD domain controller may not necessarily be the same)?

                   

                  In any case, I would suggest you to open a call with our regular technical support, for further investigation, as this behavior looks inconsistent.

                   

                  We would appreciate very much if you could post back here your findings, for the benefit of the community.

                    • Re: AF Authentication for a Data Reference
                      TomHosea

                      Hi Daniel,

                       

                      Thanks for the response. As a matter of fact, I posted this thread in response to a technical support call regarding this situation.

                       

                      I did some more investigation and found that when logging in through an administrative account, a ping traceroute (tracert) command, the system showed about 5-6 hops. When logging is from a non-administrators account, the same command consistently demonstrated 40-50 hops. The extreme delays from a non-administrative account were causing errors (NO DATA) to appear for some fairly complex AF calculations.

                       

                      The client uses Citrix for many applications. For now, the work-around is to place a Citrix server in a location that is "close" on the network and allow users to connect to the system through the remote client.

                       

                      We are trying to find the correct balance between AF formulas, PE's and ACE calculations to optimize the system performance.

                       

                      Tom Hosea