The PI Server may be configured to use node authentication and login protection for read and write access to the PI databases. This security is in addition to any authentication mechanisms available through the native transport.
The PI System Manager enables node authentication and login protection via the file PISysDat:PIServer.Dat. The file contains a default set of protections for nodes not mentioned in the file and explicit protection information on a per node basis. For details on the format and use of this file see PI System Installation/Update Instructions.
These systems offer security down to the individual tag and can be configured to manage read and write access for both data and tag attributes independently. This security is in addition to any authentication mechanisms available through the native transport.
PI identities, PI users, and PI groups are defined on the PI Server using PI System Management Tools (PI SMT) or the command line utility piconfig. When a connection is made to the PI Data Archive, the connection is ampped to a PI identity, PI user or PI group, which controls the permissions associated with the connection.
With PI API 2016 for Windows Integrated Security, the Windows credentials are used with a PI mapping to find the PI identity/user/group to be used for the connection. With earlier versions of the PI API, the PI identity/user/group could be set with either an explicit login (the application uses the
pilg_login() functions to specify the PI user name and password) or a PI Trust could be configured that would use details of the connection (IP Address, host name, application name etc.) to map the connection to a PI identity/user/group.
For more information and instructions, see PI Data Archove 2016 Security Configuration Guide if you use PI Server version 3.4.380 or later. For PI Server implementations older than version 3.3, refer to the documentation that was provided with the software.