Please remove the database-level write access requirement to modify objects below the database level. This will:
1. Prevent users who should only have subobject write access from modifying the database.
2. Make the security model more intuitive for our users. If you want to edit ElementA, you need write access to just ElementA.
Although the current model provides a quick mechanism to shut off write access, I can already achieve this by reassigning user identities.
ADMIN RESPONSE
Aug 19, 2022
This is in PI Server 2017 R2, available now on https://techsupport.osisoft.com/
It seems to me that there is still a bug.
We have an AF structure Elements/Calculations/TagCheck (with several sub nodes).
I want to give an identity the right to modify elements of TagCheck. Now it is not sufficient to give the identity write access to TagCheck. I also have to give the identity write access to the top "Elements" node.