I am having trouble configuring our RTQP server and user authentication the way i want to. In reading through the admin guide it only provides instructions for adding a mapping/trust for the full RTQP server, which best i can tell would mean
that any users that connect to the RTQP server then automatically get access to the PI Data Archives.
What i am looking for is more along the lines of the delegation method used by PIVision and the Web PI where the context of the connecting user is passed all the way through to target the PI Data server.
I have set a machine level mapping to get it running, but i see no indication of the connecting user in the logs..
Successful login ID: 578. Address: 10.###.###.###. Name: PISqlDas.RTQP.exe(3756):remote. Identity List: AllSites_RO | PIWorld. Environment Username : CORP\AUSYDAPD2Z2$. Method: Windows Login (SSPI,NTLM,HMAC-MD5,RSADSI RC4,128)
New Connection ID: 578 ; Process name: PISqlDas.RTQP.exe(3756):remote(3756) ; User: AllSites_RO | PIWorld ; OS User: CORP\AUSYDAPD2Z2$ ; Hostname: ; IP: 10.###.##.### ; AppID: 737 , 773 ; AppName: AF PI Point Data Reference , PI SQL Data Access Server (RTQP Engine)
Does anyone have any ideas if this is possible? I don't like having blanket mappings for full servers, as it means anything else on that server gets the same access right away, and you loose the ability to control individual user access levels.
We are running PI RTQP server 2018 SP2, with the AF/RTQP server and PI Data Archives server on separate machines.