AVEVA Product Feedback


Status No Status
Created by Guest
Created on Aug 19, 2022

Improve PI Data Security

The assignment of a PI tag for which the currently logged-in user has no authorization as a PI point reference to an AF attribute must not (as currently) be possible. It is possible to bypass the PI Archive authorization mechanism (point and data security) by using such attributes in AF-Analytics. The error messages that appear when saving in the System Explorer should not be allowed to be skipped.
  • Guest
    Aug 19, 2022
    This has been an open issue for a few years now. Even if the statement is that it works as designed, it still is a bug. You can choose between tolerating a well-documented data leak between different PI tenants or spending additional infrastructure for AF servers to separate tenants reliably. Preventing users from saving expressions with reference to points they have no permission to would be a first simple step to complicate data theft.
  • Guest
    Aug 19, 2022
    We have implemented our security to separate permissions by plants. The discussed behavior would allow access to unrestricted users and even allow them to write to PI tags in Analytics (!). It is very important for us that you fix this security vulnerability to trust the PI System.
  • Guest
    Aug 19, 2022
    Agree with comment of Markus Assigal and
  • Guest
    Aug 19, 2022
    Adding additional AF-Servers to solve that issue is not acceptable. It is a massive loss of trust in data security as well as in data integrity.