AVEVA Product Feedback


Add a new idea Subscribe
Status No Status
Categories Security
Created by Guest
Created on Aug 20, 2022

RELATED IDEAS

Have pre-made PI Identities with minimum permissions by default

It currently takes more effort to follow AVEVA's recommendation of setting minimum permissions for all PI service accounts than it is to use fewer service accounts with more permissions. To help steer PI administrators in the right direction, please bundle the PI Data Archive with 1 PI Identity for every non-deprecated PI program and assign them minimum permissions in the Database Security table by default. This way, it is easier to simply use the pre-made minimum-permission PI Identities than it is to create a new PI Identity that encompasses multiple programs.

  • Attach files
  • Guest
    Reply
    |     Aug 20, 2022
    I should have said "starter" instead of "built-in". I feel that these PI Identities should still be deletable but come with the PI Data Archive preconfigured with minimum permissions in the Database Security tables. I realize that a single PI Data Archive can deal with multiple instances of a product, but this will at least be a good start and a step in the right direction. This suggestion also applies to the PI Asset Framework, similar to the suggestion linked below: https://feedback.osisoft.com/forums/555148-pi-server/suggestions/36368050-identities-starting-pack
  • Guest
    Reply
    |     Aug 20, 2022
    Even though the PI Interface Configuration Utility is not deprecated, I feel that it should be excluded from the starter PI Identities, since it would require permissions to the PI Module Database, which is deprecated. The PI Interface Configuration Utility helps with but is not necessary for configuring PI Interfaces.