We have some user that are able to edit some fields in AF using System explorer but they cannot do it using PI Builder (that require database access). Please align PI Builder access and PI System explorer because the actual situation is a nonsense
Add configurable defaults for PI Point "Pointsecurity" and "Datasecurity"
Read access to the PIPOINT table is required for most identities. Pointsecurity and Datasecurity currently use the settings on the PIPOINT table as the default. New points will generally give read access to most identities because of these default...
AVEVA Identity Manager should have a different description for button "Windows integrated login"
Although Windows AD is always a default identity provider for AIM, in certain security plans it is desired for Windows credentials not to be used by any general PI users for authentication, but instead for credentials from a different preferred id...
Increase the allowed password length for AF Linked Table "Supply Password" connections
Currently the maximum password length for AF Linked Table connections using the "Supply Password" option is 15 characters. This length limitation should be increased to at least 25 characters.
Allow Federation of ClientIDs and tokens from Entra ID into AVEVA Identity Manager
For clients who previously relied on claims authentication with PI Web API, it would be useful to be able to reproduce a similar authentication flow with bearer authentication and the AVEVA Identity Manager in PI Server 2023. Currently, federation...
Officially test compatibility with Windows Security Baselines
As a PI System administrator, I need to harden the OS of my servers consistent with industry best practices so that they are resilient to attack and random disruption.
Official testing of compatibility with industry standards such as the Windows ...
Provide a central point to manage the security for the whole PI System
Instead of having several admlin tools to manage the security for data archive, AF, PI Vision, PI Integrators
Could you provide a centralized security management interface which could manage all the existing and upcoming OSIsoft tools
jerome.boudon
over 2 years ago
in Security
1
No status
Add Kerberos Authentication for PI Asset Analytics
Currently, PI Asset Analytics utilizes NTLM authentication.
My customer's MSFT Windows Ops team does not recommend using NTLM and by default have this deactivated.
Request is to add support for Kerberos authentication for PI Asset Analytics as ...
Have pre-made PI Identities with minimum permissions by default
It currently takes more effort to follow AVEVA's recommendation of setting minimum permissions for all PI service accounts than it is to use fewer service accounts with more permissions. To help steer PI administrators in the right direction, plea...