PI Server

Welcome to the PI Server feedback page!

We created this forum to hear your ideas, feature suggestions and feedback on PI Server. Please suggest your most important features and design change ideas on this site, and vote for your favorite ideas.

Please note that your ideas and comments posted here are visible to all other users.

  • For bugs, please open a case with OSIsoft Tech Support through myOSIsoft Customer Portal  (https://my.osisoft.com) instead of sharing them on this site.
  • For documentation feedback and bugs, please report to documentation@osisoft.com instead of sharing them on this site.
  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Increase the allowed password length for AF Linked Table "Supply Password" connections

    Currently the maximum password length for AF Linked Table connections using the "Supply Password" option is 15 characters. This length limitation should be increased to at least 25 characters.

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. Ability to manage non-impersonated linked tables without PI AF Server Admin privilegies

    PI AF Admin would like grant permissions for users that are not level server admins to create and edit non-impersonated linked tables. Currently this only allowed for AF server admins or using impersonated linked tables.

    User guide:

    https://livelibrary.osisoft.com/LiveLibrary/content/en/server-v12/GUID-B6374C40-8922-40CC-8E76-45CC646DA03F

    https://livelibrary.osisoft.com/LiveLibrary/content/en/server-v12/GUID-D1BDFD1B-8720-4CAD-8A06-0FCE958664BC

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. Maximum security should be the default for the PI Data Archive and PI System Management Tools

    Maximum security by default would help encourage security best practices by:
    • Making the best decision for customers that do not know or care about security
    • "Rewarding" security-conscious customers with not having to expend effort to maximize security
    • "Punishing" customers that practice suboptimal security by requiring extra effort to make their PI system less secure
    • Sending the message that "secure" is the new normal and "insecure" is the odd one out

    Please make the following changes to the PI Data Archive and PI System Management Tools:

    • All built-in PI Users should have the "User is disabled",…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add Kerberos Authentication for PI Asset Analytics

    Currently, PI Asset Analytics utilizes NTLM authentication.

    My customer's MSFT Windows Ops team does not recommend using NTLM and by default have this deactivated.

    Request is to add support for Kerberos authentication for PI Asset Analytics as part of security best practices.

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. Security tool that allows management of PI Data Archive, Vision, and AF security settings

    PI System Administrators would benefit from a client or PI SMT extension that supports auditing and modifying user access. This includes mapping Active Directory roles to PI Identities, managing PI Database and Point access, managing AF Database and element access, managing PI Vision access, and managing permissions for folders and displays within PI Vision.

    This would be useful for administrators who manage large teams, complex PI Systems, and/or environments where appropriate data access is critical to security policy compliance.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. User rights for viewing analytics

    In many cases analytics should not be visible to everyone having right to view an AF-Database. Should be possible to direct whom should have view access to analytics.

    This is an extension to the obivious right to change analytics :)

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. Provide a central point to manage the security for the whole PI System

    Instead of having several admlin tools to manage the security for data archive, AF, PI Vision, PI Integrators
    Could you provide a centralized security management interface which could manage all the existing and upcoming OSIsoft tools

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. Officially test compatibility with Windows Security Baselines

    As a PI System administrator, I need to harden the OS of my servers consistent with industry best practices so that they are resilient to attack and random disruption.

    Official testing of compatibility with industry standards such as the Windows Security baselines from Microsoft or Windows Server CIS benchmarks would give administrators added confidence that they can apply these hardening best practices without impacting core functionality.

    Windows Security Baselines: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselines

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. PI System Security with OpenID Connect/OAuth2/Active Directory Federated Services (ADFS)

    Please consider enabling PI System Security to use Active Directory Federated Services (ADFS)[OpenID Connect/OAuth2]--the interfaces, buffer, integrators, PI Vision, etc... 

    As organizations move to Office365 and Cloud/Internet services, this would make authentication/use outside a company's network easier.

    27 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. Remove and disable permissions that do not apply in PI System Explorer's Security Configuration window

    In PI System Explorer → File → Database → Edit Security, the "Permissions for" box always lists all permissions that can possibly be set within PI AF, regardless of the selected objects. Instead, only permissions that apply to the selected objects should be displayed. For example, it doesn't make sense to configure Subscribe, Subscribe Others, Execute, or Annotate permissions for a mapping, so these permissions should not be displayed in the "Permissions for" box. It should also not be possible to configure such permissions in any way (using PI System Explorer, using PI Builder, etc.).

    In the event that a…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add configurable defaults for PI Point "Pointsecurity" and "Datasecurity"

    Read access to the PIPOINT table is required for most identities. Pointsecurity and Datasecurity currently use the settings on the PIPOINT table as the default. New points will generally give read access to most identities because of these defaults. This makes it difficult to configure an identity with read access to some points, but not all points (common when giving external contractors limited access).

    Additionally, for best practice security, buffer identities need read access to Pointsecurity, but read/write access to Datasecurity. There is currently no way to configure this combination as a default.

    Adding two new tables (ex. PTSECDEFAULT and…

    37 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. Built-in PI Identities with minimum permissions by default

    It currently takes more effort to follow OSIsoft's recommendation of setting minimum permissions for all PI service accounts than it is to use fewer service accounts with more permissions.

    To help steer PI administrators in the right direction, please bundle the PI Data Archive with one PI Identity for every non-deprecated PI programs and assign them minimum permissions in the Database Security table by default.

    This way, it is easier to simply use the built-in minimum-permission PI Identities than it is to create a new PI Identity that encompasses multiple programs.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. Auditviewer separation of roles

    I want to separate the security roles between 1) the ability to run an Auditviewer report and (potentially) associate a change control record to a configuration change and 2) the PI Admin Role in order to minimize security risk.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Claims based authentication

    As a PI Administrator I want to be able to use claims based authentication throughout the PI System so that I can provide a simplified and secure authentication methodology for all my users, including ones using web based applications.

    11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Support for data classification

    As a PI admin, I need to ensure that my data access and handling complies with classifications or levels of sensitivity.

    Background
    Regulations and compliance regimes require different controls for data based on the classification of data.

    Related Requests:
    Proper classification is typically a prerequisite for any nontrivial data retention policy.
    https://feedback.osisoft.com/forums/555148-pi-server/suggestions/17219942-support-different-data-retention-policies

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. Change process to release security patches

    Hello,

    whenever Osisoft identifies security issues on PI / PI AF, they deliver fixes through the next release of these applications.
    This is not convenient as upgrading to a new release is a risk that we don't like to be forced to take and has a cost (we manage about 40 PI servers WW under different versions).
    We would rather appreciate to have patches applicable to our versions of PI. This is what software vendors usually do.

    Could you please consider managing your future security patches this way?

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

Posted ideas will have one of the following statuses.
Full definition of these statuses can be found on the Home Page.
No status
TELL US MORE
EVALUATING
PLANNED
IN DEVELOPMENT
COMPLETED
DECLINED