Can someone tell me how users are authenticated when they use PI system Explorer to access a PI-AF configuration? I have a feeling its through PI Identities (and Active directory) but I'm not sure. I need to add some new users to the PI system that can create PI AF analyses and elements, but I'm not sure what level of access to give them? Do I make them PI admins or can they be PI engineers? Would a PI engineer have enough permissions to create analyses and elements in AF? I can link the users to PI Identities but I'm not sure if that's just for the PI server or it applies to PI-AF as well.