Read access to the PIPOINT table is required for most identities. Pointsecurity and Datasecurity currently use the settings on the PIPOINT table as the default. New points will generally give read access to most identities because of these defaults. This makes it difficult to configure an identity with read access to some points, but not all points (common when giving external contractors limited access).
Additionally, for best practice security, buffer identities need read access to Pointsecurity, but read/write access to Datasecurity. There is currently no way to configure this combination as a default.
Adding two new tables (ex. PTSECDEFAULT and DATASECDEFAULT) that are used for these defaults, instead of pulling directly from PIPOINT, will fix all of these issues.
Please consider merging https://pisystem.feedback.aveva.com/ideas/PIDA-I-1275 into this post. Thank you.