We are currently struggling to configure Coresight security in a test Coresight configuration and some questions have arisen.
1. If Coresight is configured to use a service account that is part of an AD group that is mapped to the piadmin account, does the service then have write access to the PI server?
2. With multiple AD groups having read access to the PI tags and data, and mutually exclusive access between groups, how many identities should be created? One per group?
3. Ultimately, what access does an individual within a given AD group have? Does the AD group access, as defined in the tag and data security, pass through the identity?
As much as I enjoy the product, the documentation is not always clear.