We would like to change users often. Could we have a logout button or something similar?

There should be provision of granting access to PI Identities or PI users on  PI Vision using PI Vision admin webpage.

The customer would like to prevent users with write access to PI Vision folders from being able to delete folders and sub-folders.

When a user shares a display, give the option to allow them to share the data contained in the display (PI tags/AF elements and attributes) with the AF identities that the display is shared with.

Integration with enterprise ‘non-windows’ (claims) authentication systems.

A significant number of customers in my region are not using/don’t plan to adopt WIS as their authentication policy. As a result many of them are not using Windows AD.

Customers need PI Vision to be more flexible: PI Vision should be able to be integrated with their chosen SSO system.

Currently, only 1 AF server is configured to provide identities for vision display security. Displays can show data from multiple AF servers, which could have different security mappings. It would be nice to be able to pull identities from multiple AF servers for display security that matches the AF security that already exists.

As already implemented for subfolders, we would like to set permissions also on root folder "Home".

Use Case: We would like to make sure that only creation of new displays in subfolders is possible and not in home folder.

If a user does not have access to any of the data items (tags/attributes) on a display, they should not be able to open that display.

If a user doesn't have access to view the data associated with data items (tags/attributes) on a display, provide a way for them to be able to request access to the data.

Have Coresight support mutli-tenancy (possibly as Software as a Service, SaaS) so individual tenants of the application can't access each other's displays/data.

In order to support multiple tenants, we need a way to isolate displays so that users can only see certain displays.

As a PI Vision admin, I would like displays to automatically inherit the permissions of their parent folder so that permissions are set automatically when users save displays to the appropriate folder.

Currently permissions for folders and displays are not tied together but they can be propagated manually using the 'Propagate permissions' checkbox in the Folder Settings dialog.

Ability to restrict Pi Vision users to use the PI Data Archive tag search when building displays.
There exists a feature to restrict user access to AF Databases in the PIVision\admin\UserSettings. However, there is no way to restrict PI Vision users from the PI Data Archive.
Or be able to rename the PI DA symbol in the search.

when I login for a long time and without action，automatic logout is necessary

As a PI System Administrator, I want to allow read-only access to PI Vision for anonymous users so that my users do not need to log in on their mobile devices to view displays and data.

Add the ability to show or hide a ProcessBook import folder on the Coresight homepage based on AF Identity permissions.

PI Vision currently makes use of cookies for it's implementation of claims authentication. Google Chrome is phasing out third party cookies, as you can read here: https://www.bounteous.com/insights/2020/04/09/google-chrome-third-party-cookies

This means that in the future third party cookies won't be supported by Chrome anymore, which will break PI Vision's claims authentication.

As all major browser vendors will likely follow this path an alternative solution is needed.

Please create a way of sharing displays with users without having the display show up in "All Displays". Rather, the display should be private but only accessible through URL to a mapped group. This group could be PI World or a specific set of AF users.

PI Coresight 2016 allows 'Set Database Search Root' and 'Restrict Database Access' but is assignable only to individual users - too cumbersome to manage in a large system. Want to integrate with WIS so can use this to assign to previously defined AD groups (ex: based on user site/location) as this is how the PI access is assigned (AD group mapped to PI identity). Could potentially use the same functionality as the display group security which is based on AF identities.

We have a TON of AF templates and not necessarily all of them will be used by our end users. It would be nice if there was a way to either view these templates by category or make them show/hide based on AF identities. Currently there is now way to hide a AF template in PI Vision without deleting it.

As a owner of a display, i would like to be able to modify it even if it is marked as read-only.

Actually, I need to go on the main page, uncheck the read-only, edit the display, save it, and back to the home page again to modifiy to read-only again