Do not require permission to PIPOINT if the permission is already covered by Point Security or Data Security

https://docs.osisoft.com/bundle/pi-server/page/permissions-required-for-tasks.html

According to the documentation linked above, when permission to Point Security or Data Security is required, the same permission to PIPOINT is also required. This is redundant. The only times that PIPOINT security is used non-redundantly are to determine who has permission to create new PI Points and to assign default permissions to new PI Points. This last point creates a security issue: if a user needs permissions to only a few existing PI Points, then they need the same permissions to PIPOINT, which will give them the same permissions to new PI Points by default.

Please make the following changes:

Do not require permission to PIPOINT if the permission can be expressed in terms of Point Security and Data Security
Decouple the permissions to create new PI Points from the default permissions to new PI Points

Attach files

Enter a subject

Guest

Reply
| Sep 27, 2022

Please consider merging into https://pisystem.feedback.aveva.com/ideas/PIDA-I-1301

0 reply Hide replies

Guest

Reply
| Sep 7, 2022

If you find this idea, please also Vote for https://pisystem.feedback.aveva.com/ideas/PIDA-I-1301, it's pretty much the same.

0 reply Hide replies

Please enter your email address

RELATED IDEAS

Do not require permission to PIPOINT if the permission is already covered by Point Security or Data Security