We have finally been able to get our team interested in using the AF database, and are now hitting a bit of a wall.
We have two domains - AF database and services within CORE and the AF Client/Pi Process Book within DMZ.
We have a one way trust allowing DMZ to authenticate to CORE via the PI Identities.
What occurs - when the regular users open PI Process Book or System Explorer, they are prompted to login to the AF server within the CORE domain.
Using their DMZ account credentials, it connects to the AF database and they are able to access AF per their permissions for only that session. As soon as they close system explorer or processbook, the connection is dropped. Checking save password does nothing.
PISDK connects without incident, correctly showing the users connection level.
All of this was new as I had never seen this occur for myself through my time using the DMZ to access AF - my account always just passed my DMZ login through without a prompt. If I enter my own DMZ login details into the AF login prompt and check "save password" the user is never prompted again - but gains my access to AF which includes all our IT entries.
Through various testing, giving a test user domain admin access is the only work around that gives them this pass through/ongoing authentication.
Since stripping this back (because that level of access is not happening!) I have tried:
- Adding details to credentials manager - same prompt occurs for login
- Local administrator access on the DMZ box - same prompt
- Users having full permissions to the PIPC folders on the DMZ box - same prompt
- Modified the users PI permissions to match my own (administrator) - same prompt
The only thing that has provided pass through authentication has been domain admin rights and I cannot quite pin point where this is modifying the system.