Hi all,
One of our PI Vision Servers has been updated to PI Vision 2024. On this version we are using PI AF Identities to explicitly assign Admin, Publishers and Explorers. But I've noticed on another server, running an older version of PI Vision, this is greyed out.
The release notes don't say anything on Security levels. So is it just a matter of the two versions being configured differently? How does the older version assign these rights?
New Version (2024)
Old Version
Thanks.
Pablo,
Sorry for the slow response. I was busy at AVEVA World with my colleagues at EXELE.
For the users that are able to view displays, but not edit, you will want to use the explorer role. By default, the AF Identity "World" includes everyone and might be a good fit:
For the publishers, you might to create a new AF Identity using PI System Explorer called "PI Vision publishers" and assign an AD group that contains the PI Vision publishers. Within the PI Vision page, select the publisher role for the AF identity. If you do not want to create a new AF Identity, perhaps the "Engineers" default AF identity might make sense. This is all somewhat confusing and I'd be happy to jump on a quick call with you.
Regards,
Dan
Hi Dan,
Thanks for the feedback. Yes, it seems the older version was managed through local groups. If you can share any further documentation other than what is currently on AVEVA's site (Configure user access on the User Access Levels page), that would be appreciated.
Regarding users who can view but not edit, we implemented the same approach as you described. We've mapped "Everyone" to "World" for "Explorer" functions only. I found that you can make this stricter, and if I'm not mistaken by default, this is what happened with our PI Vision 2024, where unless a person was part of a specific AD group, they had no access to PI Vision because "Everyone" wasn't mapped.
The new table seems to be easier to use for my skill level 
because I was able to create an identity, such as "Contractors" mapped to the relevant AD group or users, and only assign them "Explorer" rights. And I suppose you can further restrict the information based on the AF Server security settings.
Hi Dan,
Thanks for the feedback. Yes, it seems the older version was managed through local groups. If you can share any further documentation other than what is currently on AVEVA's site (Configure user access on the User Access Levels page), that would be appreciated.
Regarding users who can view but not edit, we implemented the same approach as you described. We've mapped "Everyone" to "World" for "Explorer" functions only. I found that you can make this stricter, and if I'm not mistaken by default, this is what happened with our PI Vision 2024, where unless a person was part of a specific AD group, they had no access to PI Vision because "Everyone" wasn't mapped.
The new table seems to be easier to use for my skill level because I was able to create an identity, such as "Contractors" mapped to the relevant AD group or users, and only assign them "Explorer" rights. And I suppose you can further restrict the information based on the AF Server security settings.
