AVEVA Product Feedback


ADD A NEW IDEA

Security

Showing 24

Add Kerberos Authentication for PI Asset Analytics

Currently, PI Asset Analytics utilizes NTLM authentication. My customer's MSFT Windows Ops team does not recommend using NTLM and by default have this deactivated. Request is to add support for Kerberos authentication for PI Asset Analytics as ...
Guest over 3 years ago in Security 0 No status

Have pre-made PI Identities with minimum permissions by default

It currently takes more effort to follow AVEVA's recommendation of setting minimum permissions for all PI service accounts than it is to use fewer service accounts with more permissions. To help steer PI administrators in the right direction, plea...
Guest over 3 years ago in Security 2 No status

Allow Federation of ClientIDs and tokens from Entra ID into AVEVA Identity Manager

For clients who previously relied on claims authentication with PI Web API, it would be useful to be able to reproduce a similar authentication flow with bearer authentication and the AVEVA Identity Manager in PI Server 2023. Currently, federation...
Guest about 1 year ago in Security 1 No status

Ability to manage non-impersonated linked tables without PI AF Server Admin privilegies

PI AF Admin would like grant permissions for users that are not level server admins to create and edit non-impersonated linked tables. Currently this only allowed for AF server admins or using impersonated linked tables. User guide: https://liv...
Guest over 3 years ago in Security 3 No status

We need a method to send pi message log to syslog server

Provide a configurable export of PI Message log to syslog server.
Guest over 3 years ago in Security 0 No status

Auditviewer separation of roles

I want to separate the security roles between 1) the ability to run an Auditviewer report and (potentially) associate a change control record to a configuration change and 2) the PI Admin Role in order to minimize security risk.
Guest over 3 years ago in Security 1 No status

User rights for viewing analytics

In many cases analytics should not be visible to everyone having right to view an AF-Database. Should be possible to direct whom should have view access to analytics. This is an extension to the obivious right to change analytics :)
Guest over 3 years ago in Security 2 No status

Security tool that allows management of PI Data Archive, Vision, and AF security settings

PI System Administrators would benefit from a client or PI SMT extension that supports auditing and modifying user access. This includes mapping Active Directory roles to PI Identities, managing PI Database and Point access, managing AF Database a...
Guest over 3 years ago in Security 0 No status

Maximum security should be the default for the PI Data Archive and PI System Management Tools

Maximum security by default would help encourage security best practices by: Making the best decision for customers that do not know or care about security "Rewarding" security-conscious customers with not having to expend effort to maximize secur...
Guest over 3 years ago in Security 0 No status

OIDC authentication with federated accounts (through CONNECT) requires too many steps

Currently, it is a 5-step process to get authenticated. After the first authentication, it is only a 3-step process, but still clunky.
Laurie Dieffenbach 12 months ago in Security 0 No status