AVEVA Product Feedback
Currently, when you create a mapping in PI Data archive for OIDC client credentals, you can only assign one identity.
This severely limits the granularity and forces to add new identities to existing tags to grant extra permissions and is an easy source for errors.
This is the same limitation that old PI trusts have which was solved with windows/active directory mappings based on groups.
The groups allows us to add a user in multiple groups to grant access to different identities/sets of tags without having to modify tags. This is much easier for handling access management.
The current implementation of client credential mappings does not allow such fine grained management.
A simple solution would be to allow multiple mappings for the same Client credentials (1 identity per mapping) or allow a list of identities to be linked to 1 mapping.
