Security

It currently takes more effort to follow AVEVA's recommendation of setting minimum permissions for all PI service accounts than it is to use fewer service accounts with more permissions. To help steer PI administrators in the right direction, plea...

PI AF Admin would like grant permissions for users that are not level server admins to create and edit non-impersonated linked tables. Currently this only allowed for AF server admins or using impersonated linked tables. User guide: https://liv...

Provide a configurable export of PI Message log to syslog server.

I want to separate the security roles between 1) the ability to run an Auditviewer report and (potentially) associate a change control record to a configuration change and 2) the PI Admin Role in order to minimize security risk.

In many cases analytics should not be visible to everyone having right to view an AF-Database. Should be possible to direct whom should have view access to analytics. This is an extension to the obivious right to change analytics :)

PI System Administrators would benefit from a client or PI SMT extension that supports auditing and modifying user access. This includes mapping Active Directory roles to PI Identities, managing PI Database and Point access, managing AF Database a...

Maximum security by default would help encourage security best practices by: Making the best decision for customers that do not know or care about security "Rewarding" security-conscious customers with not having to expend effort to maximize secur...

Currently, it is a 5-step process to get authenticated. After the first authentication, it is only a 3-step process, but still clunky.

Hello, whenever Osisoft identifies security issues on PI / PI AF, they deliver fixes through the next release of these applications. This is not convenient as upgrading to a new release is a risk that we don't like to be forced to take and has a ...

Some Azure Active Directory (Entra ID) administrators will be hesitant to give the registered application for the AIM Server Directory.Read.All privileges. It should be feasible to give the application lesser privileges on the directory while stil...