3 Replies Latest reply on Jan 11, 2018 8:45 PM by James Devine

    AF identity usage auditing




      Is there a way to check whether an identity is used in any AFElement, AFElementTemplate, AFAnalysis ... or at the database level so that we could plan to remove it?

      I am thinking of:

      • SQL stored procedure (with *_SB tables), or
      • a tool like AFDiag, or
      • AF SDK functions, or
      • OSIsoft.PowerShell script, or
      • ... other


      Any ideas?

        • Re: AF identity usage audit
          James Devine

          Hi Maxime:


          One can view and edit the identities in the "SecurityString" using the Excel PI Builder plugin for AF Elements and AF Templates, but I don't know about AF Analysis. I assume the analysis is covered by the security string of the parent element. I hope that is what you are looking for.

          1 of 1 people found this helpful
            • Re: AF identity usage auditing
              James Devine


              $afSrv = Get-AFServer YOUR_SERVER_NAME_HERE

              $afDB = Get-AFDatabase YOUR_AF_DATABASE_NAME_HERE -AFServer $afSrv

              $afSecurity = Get-AFSecurity -AFObject $afDB

              Once you populate the $afSecurity variable, you can retrieve, edit, and remove values.

              1 of 1 people found this helpful
            • Re: AF identity usage auditing

              Hi Maxime,


              Depending on the number of identities you have in your system, looking at the security configuration in PI System Explorer may be sufficient. James Devine's suggestion of using PI Builder is a good one as well, as you can use the search function in Excel. If you need a programmatic solution you could do it with the AF SDK. I believe you would need to loop through all of the objects. Here is a sample .ps1 script to give you some ideas. In this script I'm checking if the World identity is attached to any AF Database. If it is, output the name of the database to a file. I'm still learning PowerShell so this might not be the most efficient way of doing this, though it should give you an idea of how to do it. I also didn't do much error handling and this code can obviously be improved to be more robust. Hope it helps!
























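                      # Set these for your environment (placeholder values)
                      $AF = 'YOUR_AF_SERVER_NAME_HERE'
                      $Identity = 'World'
                      $FilePath = 'YOUR_OUTPUT_FILE_PATH_HERE'

                      $AFSrv = Get-AFServer -Name $AF
                      try { $ConnectionString = Connect-AFServer -AFServer $AFSrv -ErrorAction Stop }
                      catch { Write-Error "Unable to connect to AFServer"; return }

                      $AFDB = Get-AFDatabase -AFServer $AFSrv
                      ForEach ($DB in $AFDB) {
                          # Names of all identities in this database's security entries
                          $IdC = (Get-AFSecurity -AFObject $DB).Identity.Name
                          If ($IdC -contains $Identity) { Out-File -FilePath $FilePath -InputObject $DB.Name -Append }
                      }
                      Disconnect-AFServer -AFServer $AFSrv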
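
The PI Builder approach mentioned in the replies can be checked offline by parsing the exported SecurityString values and matching identity names exactly, which a plain text search in Excel does not do (searching for World also finds WorldOps). This is an added example, not code from the thread or from OSIsoft. It assumes rows with Name, ObjectType and SecurityString columns and a SecurityString made of '|'-separated `Identity:A(rights)` entries; the function name Get-IdentityUsage and the sample rows are hypothetical.

```powershell
# Added example: find which exported AF objects reference a given identity.
# ASSUMPTION: SecurityString is a '|'-separated list of entries of the form
# Identity:A(rights), optionally followed by :D(rights) for denied rights.
function Get-IdentityUsage {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,     # objects with Name, ObjectType, SecurityString
        [Parameter(Mandatory)] [string]   $Identity  # identity name to audit
    )
    foreach ($row in $Rows) {
        foreach ($entry in ($row.SecurityString -split '\|')) {
            # The identity name is everything before the first ':A(' or ':D(' marker
            $name = ($entry -split ':(?=[AD]\()', 2)[0].Trim()
            # -eq is an exact, case-insensitive comparison: 'World' does not match 'WorldOps'
            if ($name -eq $Identity) {
                [pscustomobject]@{
                    ObjectType = $row.ObjectType
                    Name       = $row.Name
                    Entry      = $entry.Trim()
                }
            }
        }
    }
}

# Constructed sample rows standing in for a PI Builder export.
# With a real export saved as CSV, use: $rows = Import-Csv <path to file>
$rows = @(
    [pscustomobject]@{ ObjectType = 'Element'; Name = 'Plant1\Pump01'
                       SecurityString = 'Administrators:A(r,w,d,x,s,a)|World:A(r)' }
    [pscustomobject]@{ ObjectType = 'Element'; Name = 'Plant1\Pump02'
                       SecurityString = 'Administrators:A(r,w,d,x,s,a)|WorldOps:A(r,w)' }
    [pscustomobject]@{ ObjectType = 'ElementTemplate'; Name = 'PumpTemplate'
                       SecurityString = 'Administrators:A(r,w,d,x,s,a)|Engineers:A(r,w)|World:A(r)' }
)

$hits = @(Get-IdentityUsage -Rows $rows -Identity 'World')
$hits | Format-Table -AutoSize

if ($hits.Count -eq 0) {
    'No exported object references this identity.'
} else {
    '{0} exported object(s) still reference this identity.' -f $hits.Count
}
```

An empty result only covers the object types included in the export, so the database-level check from the script above is still needed before an identity is removed.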