You are currently viewing Basic PI Identities Structure, Data Types and PI Security

Basic PI Identities Structure, Data Types and PI Security

In the essence, operational and IT support roles hierarchy related to PI Server is common for all organizations:

Here, “Area” depicts various organizational groups, e.g. plants, branches, divisions, units, etc.

Based on this hierarchy, following data types (PI points) can be used:

  • Area1 PI Points – data type related only to Area1
  • Area2 PI Points – data type related only to Area2
  • Area… PI Points – data type related only to Area…
  • IT/PI System Health PI Points – data type for PI System status monitoring/troubleshooting
  • Default PI Points – data type common for all organization

Following responsibilities were defined (for simplicity, it was assumed that the organization has Area1 and Area2):

Following matrices were created based on Security Plan template of Configuring PI Data Archive Security Online Course.

Derived PI Point Data and Point Security Access Matrix (where R – read-only, R/W – read-write, C – configure):

PI IdentitiesArea1
PI Points
Area2
PI Points
PI System Health
PI Points
Default
PI Points
Higher ManagementRRRRR
Area1 ManagementRRR
Area2 ManagementRRR
Area… ManagementRRR
Area1 Senior OperatorsR/WRR
Area2 Senior OperatorsR/WRR
Area… Senior OperatorR/WRR
Area1 OperatorsRRR
Area2 OperatorsRRR
Area… OperatorsRRR
IT PI Support Team LeadsRRRRR/W
IT PI Backup EngineersRRRRR
IT PI AdministratorsRRRR/WR

Derived Database Security Tables Access Matrix (where R – read-only, R/W – read-write, C – configure):

PI IdentitiesAll PI DatabasesPI PointPIDSPI Modules (will need to grant R/W on specific MDB Modules)
Higher ManagementRR
Area1 ManagementR
Area2 ManagementR
Area… ManagementR
Area1 Senior OperatorsRR/WR/WR/W
Area2 Senior OperatorsRR/WR/WR/W
Area… Senior OperatorRR/WR/WR/W
Area1 OperatorsRR
Area2 OperatorsRR
Area… OperatorsRR
IT PI Support Team LeadsR/W
IT PI Backup EngineersR/W
IT PI AdministratorsR/W

Proposed high-level structure of PI Identities and Active Directory hierarchy with data types and derived access matrices can be used as the basis during initial PI Data Archive security configuration.

This Post Has One Comment

  1. graliontorile

    Way cool, some valid points! I appreciate you making this article available, the rest of the site is also high quality. Have a fun.

Leave a Reply