Identities Starting pack
It would be nice if out of the box you could get a few starting identities based on common security use cases.
I.E.
An Identity / Only read, for end users
An Identity for Consultants / Systems Integrators - That could administrate all but the security, so this could be an starting point to build an standard identity for new Consultants
An identity for Edit all but Analytics - This could be an starting point for power users.

-
Kenneth Barber commented
There should be an identity for each non-deprecated PI program and have minimum permissions by default, similar to my suggestion below:
https://feedback.osisoft.com/forums/555148-pi-server/suggestions/31707106-built-in-pi-identities-with-minimum-permissions-by