Security

Instead of having several admlin tools to manage the security for data archive, AF, PI Vision, PI Integrators Could you provide a centralized security management interface which could manage all the existing and upcoming OSIsoft tools

Although Windows AD is always a default identity provider for AIM, in certain security plans it is desired for Windows credentials not to be used by any general PI users for authentication, but instead for credentials from a different preferred id...

As a PI System administrator, I need to harden the OS of my servers consistent with industry best practices so that they are resilient to attack and random disruption. Official testing of compatibility with industry standards such as the Windows ...

https://docs.osisoft.com/bundle/pi-server/page/permissions-required-for-tasks.html According to the documentation linked above, when permission to Point Security or Data Security is required, the same permission to PIPOINT is also required. This i...

Currently, PI Asset Analytics utilizes NTLM authentication. My customer's MSFT Windows Ops team does not recommend using NTLM and by default have this deactivated. Request is to add support for Kerberos authentication for PI Asset Analytics as ...

It currently takes more effort to follow AVEVA's recommendation of setting minimum permissions for all PI service accounts than it is to use fewer service accounts with more permissions. To help steer PI administrators in the right direction, plea...

For clients who previously relied on claims authentication with PI Web API, it would be useful to be able to reproduce a similar authentication flow with bearer authentication and the AVEVA Identity Manager in PI Server 2023. Currently, federation...

PI AF Admin would like grant permissions for users that are not level server admins to create and edit non-impersonated linked tables. Currently this only allowed for AF server admins or using impersonated linked tables. User guide: https://liv...

Provide a configurable export of PI Message log to syslog server.

I want to separate the security roles between 1) the ability to run an Auditviewer report and (potentially) associate a change control record to a configuration change and 2) the PI Admin Role in order to minimize security risk.