PI Server

Welcome to the PI Server feedback page!

We created this forum to hear your ideas, feature suggestions and feedback on PI Server. Please suggest your most important features and design change ideas on this site, and vote for your favorite ideas.

Please note that your ideas and comments posted here are visible to all other users.

  • For bugs, please open a case with OSIsoft Tech Support through myOSIsoft Customer Portal  (https://my.osisoft.com) instead of sharing them on this site.
  • For documentation feedback and bugs, please report to documentation@osisoft.com instead of sharing them on this site.
  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add configurable defaults for PI Point "Pointsecurity" and "Datasecurity"

    Read access to the PIPOINT table is required for most identities. Pointsecurity and Datasecurity currently use the settings on the PIPOINT table as the default. New points will generally give read access to most identities because of these defaults. This makes it difficult to configure an identity with read access to some points, but not all points (common when giving external contractors limited access).

    Additionally, for best practice security, buffer identities need read access to Pointsecurity, but read/write access to Datasecurity. There is currently no way to configure this combination as a default.

    Adding two new tables (ex. PTSECDEFAULT and…

    33 votes
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. Move Auditviewer function away from local PI System access

    I want to run the Auditviewer function as a unprivileged remote user, moving away from the current requirement to run as a local user on the PI Data Archive Server.  This is so I can minimize security risk associated with local user access on a Windows server.

    13 votes
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. PI System Security with OpenID Connect/OAuth2/Active Directory Federated Services (ADFS)

    Please consider enabling PI System Security to use Active Directory Federated Services (ADFS)[OpenID Connect/OAuth2]--the interfaces, buffer, integrators, PI Vision, etc... 

    As organizations move to Office365 and Cloud/Internet services, this would make authentication/use outside a company's network easier.

    11 votes
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Officially test compatibility with Windows Security Baselines

    As a PI System administrator, I need to harden the OS of my servers consistent with industry best practices so that they are resilient to attack and random disruption.

    Official testing of compatibility with industry standards such as the Windows Security baselines from Microsoft or Windows Server CIS benchmarks would give administrators added confidence that they can apply these hardening best practices without impacting core functionality.

    Windows Security Baselines: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselines

    10 votes
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. Claims based authentication

    As a PI Administrator I want to be able to use claims based authentication throughout the PI System so that I can provide a simplified and secure authentication methodology for all my users, including ones using web based applications.

    10 votes
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. How to share with other Groups in PI Vision display

    Current status:
    For example:
    username: abc
    if abc is mapped to PI identity called A, then abc can only share display with this identity
    if you want to share with AF identity called B, then abc needs to be mapped to B identity
    I would like directly share display with other identily,it doesn't need to
    be mapped to specific identity

    8 votes
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. PI Integrator for BA Connect with HDInsight

    Please consider testing and documenting how to publish data with the PI Integrator for BA to Apache Kafka hosted by Azure as HDInsight.

    7 votes
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. Provide a central point to manage the security for the whole PI System

    Instead of having several admlin tools to manage the security for data archive, AF, PI Vision, PI Integrators
    Could you provide a centralized security management interface which could manage all the existing and upcoming OSIsoft tools

    5 votes
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. Be able to configure PI AF security in a single PI System Explorer window

    Currently, there are 2 windows to configure PI AF security, and it is a pain to switch between them:
    • File → Database → Edit Security, which is used to assign permissions to identities
    • File → Server Properties → Identities tab and Mappings tab, which are used to create, edit, and delete identities and mappings

    Please combine these into a single window. For example, the former window could become an extra tab in the latter window.

    5 votes
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. Auditviewer separation of roles

    I want to separate the security roles between 1) the ability to run an Auditviewer report and (potentially) associate a change control record to a configuration change and 2) the PI Admin Role in order to minimize security risk.

    5 votes
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. Hide Certain PI Point Attributes from Users

    Implement a way to hide the contents of a PI point attribute, specifically the Instrumenttag attribute. With many PI interfaces, the InstrumentTag attribute will store the IP address of the source, and we (as well as many other utilities) have a requirement to not allow access to view the IP address through PI-DataLink or PI-ProcessBook. We’d still like to maintain read-access to other attributes.

    4 votes
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. Built-in PI Identities with minimum permissions by default

    It currently takes more effort to follow OSIsoft's recommendation of setting minimum permissions for all PI service accounts than it is to use fewer service accounts with more permissions.

    To help steer PI administrators in the right direction, please bundle the PI Data Archive with one PI Identity for every non-deprecated PI programs and assign them minimum permissions in the Database Security table by default.

    This way, it is easier to simply use the built-in minimum-permission PI Identities than it is to create a new PI Identity that encompasses multiple programs.

    4 votes
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. Have an option in AF Security to not pass down database security to newly created objects

    Use case: We want to give a user read access to a single element. All future elements created inherit the Database level Security, meaning the user will also have read access to all future created elements.

    4 votes
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow sorting of Database Security Identities

    There should be some type of sorting feature for the Security Identities/Securities listed in the Database Security section of System Management Tools. A simple fix would be to allow us to remove an identity, re-add it and have that appear on the far right side. Currently, the identity will re-take its previous position in the security string.

    This would be useful because comparing security settings between different PI Servers that should have the same security is difficult when the Identities are listed in different orders on different servers.

    3 votes
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Rename or add descriptions for Read, Write, Read Data, and Write Data permissions in PI System Explorer

    In PI System Explorer, the definitions of the Read, Write, Read Data, and Write Data permissions are not clear from their names. Their names are also misleading. For example, Read permission can be interpreted as "General Read", making Read appear to include Read Data permission. Please consider renaming these to something more accurate.

    If the definitions of the permissions cannot be concisely summarized in the form of the permission names, consider providing more information either in a tooltip or in an additional column in the "Permissions for" box in the Security Configuration window of PI System Explorer.

    3 votes
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. Change process to release security patches

    Hello,

    whenever Osisoft identifies security issues on PI / PI AF, they deliver fixes through the next release of these applications.
    This is not convenient as upgrading to a new release is a risk that we don't like to be forced to take and has a cost (we manage about 40 PI servers WW under different versions).
    We would rather appreciate to have patches applicable to our versions of PI. This is what software vendors usually do.

    Could you please consider managing your future security patches this way?

    3 votes
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. User rights for viewing analytics

    In many cases analytics should not be visible to everyone having right to view an AF-Database. Should be possible to direct whom should have view access to analytics.

    This is an extension to the obivious right to change analytics :)

    2 votes
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. Provide an audit function

    The idea would be to provide a feature which alllows a PI System Admin to get a report of all the rights that are granted to a user or a group of user for all the PI system product which have a link with security

    2 votes
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allowing users to edit IP Address for creating a trust with Add Data Server Wizard in Buffering Manager

    When creating a trust for the Buffer Subsystem with the Add Data Server Wizard in Buffering Manager, the Wizard auto-populates the IP Address of the machine. Include an option to edit the IP Address that is auto-populated for machines that have multiple NICs.

    2 votes
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. Support for data classification

    As a PI admin, I need to ensure that my data access and handling complies with classifications or levels of sensitivity.

    Background
    Regulations and compliance regimes require different controls for data based on the classification of data.

    Related Requests:
    Proper classification is typically a prerequisite for any nontrivial data retention policy.
    https://feedback.osisoft.com/forums/555148-pi-server/suggestions/17219942-support-different-data-retention-policies

    1 vote
    Sign in Sign in with OSIsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base

Posted ideas will have one of the following statuses.
Full definition of these statuses can be found on the Home Page.
No status
NEEDS MORE DISCUSSION
RESEARCHING/EVALUATING
DECLINED
PLANNED
STARTED/IN DEVELOPMENT
IN BETA
COMPLETED