AVEVA Product Feedback


Add a new idea Subscribe
Status No status
Categories Security
Created by Guest
Created on Aug 20, 2022

RELATED IDEAS

Remove and disable permissions that do not apply in PI System Explorer's Security Configuration window

In PI System Explorer → File → Database → Edit Security, the "Permissions for" box always lists all permissions that can possibly be set within PI AF, regardless of the selected objects. Instead, only permissions that apply to the selected objects should be displayed. For example, it doesn't make sense to configure Subscribe, Subscribe Others, Execute, or Annotate permissions for a mapping, so these permissions should not be displayed in the "Permissions for" box. It should also not be possible to configure such permissions in any way (using PI System Explorer, using PI Builder, etc.). In the event that a permission applies to some but not all selected objects, the permission should be displayed in the "Permission for" box, but the permission configuration should only be saved to the objects where the permission makes sense.
  • Attach files
  • Guest
    Reply
    |     Aug 20, 2022
    This also applies to the security of PI AF databases (PI System Explorer → File → Database → right-click on a database → Security). Having all of the permissions always display isn't just nonsensical, but it also clutters the list of permissions and makes it difficult to find the permissions that you are looking for.
  • Guest
    Reply
    |     Aug 20, 2022
    Please clarify when you say "... It should also not be possible to configure such permissions in any way....".
  • Guest
    Reply
    |     Aug 20, 2022
    PI System Explorer, PI Builder, etc. should not allow you to configure permissions that don't make sense (e.g. "Subscribe" access to enumeration sets). For PI System Explorer, this would mean limiting the permissions that are shown in the "Permission for" box to only those that make sense for the selection (as I've stated in my original suggestion). If a nonsensical permission is attempted to be set using PI Builder, PI Builder should either ignore it. Most importantly, the PI Asset Framework shouldn't track or save nonsensical permissions in the first place. It only adds confusion and wastes a small amount of disk space.