Thank you for raising this thread.
I would like to add a few more details to elaborate >>>
The PI System Explorer contains 2 tabs in the Security configuration
(1) Permissions - For mapping AD accounts to PI AF Identities, etc.
(2) Effective Access - For querying a specific user account and understanding what permissions do they have
The "Permissions" tab works perfectly in a multi-domain (+1 way trust) environment and allows the PI Administrator to map an AD account\group to a PI Identity when this is done from the AF Server (isolated) domain.
On the other hand, the Effective Access Tab which was developed in later versions (and should essentially do the exact same function when you use the dialog box to query a user account from AD) is not working the same way in such environment, since it will not allow to query for an AD user from another (trusted) domain but only a user from within the AF server (Isolated) domain.
I believe this difference in how the 2 PSE "Tabs" in the security configuration behave is an inconsistency and makes the Effective-Access unusable for clients using the PI System & AF in a multi-domains scenario.
I hope this issue will be addressed in future releases.
Thank you.
