Security

https://docs.osisoft.com/bundle/pi-server/page/permissions-required-for-tasks.html According to the documentation linked above, when permission to Point Security or Data Security is required, the same permission to PIPOINT is also required. This i...

Currently, PI Asset Analytics utilizes NTLM authentication. My customer's MSFT Windows Ops team does not recommend using NTLM and by default have this deactivated. Request is to add support for Kerberos authentication for PI Asset Analytics as ...

For clients who previously relied on claims authentication with PI Web API, it would be useful to be able to reproduce a similar authentication flow with bearer authentication and the AVEVA Identity Manager in PI Server 2023. Currently, federation...

It currently takes more effort to follow AVEVA's recommendation of setting minimum permissions for all PI service accounts than it is to use fewer service accounts with more permissions. To help steer PI administrators in the right direction, plea...

PI AF Admin would like grant permissions for users that are not level server admins to create and edit non-impersonated linked tables. Currently this only allowed for AF server admins or using impersonated linked tables. User guide: https://liv...

Provide a configurable export of PI Message log to syslog server.

I want to separate the security roles between 1) the ability to run an Auditviewer report and (potentially) associate a change control record to a configuration change and 2) the PI Admin Role in order to minimize security risk.

Currently, there are 2 windows to configure PI AF security, and it is a pain to switch between them: File → Database → Edit Security, which is used to assign permissions to identities File → Server Properties → Identities tab and Mappings tab, whi...

Use case: We want to give a user read access to a single element. All future elements created inherit the Database level Security, meaning the user will also have read access to all future created elements.

Implement a way to hide the contents of a PI point attribute, specifically the Instrumenttag attribute. With many PI interfaces, the InstrumentTag attribute will store the IP address of the source, and we (as well as many other utilities) have a r...