Do not require permission to PIPOINT if the permission is already covered by Point Security or Data Security
According to the documentation linked above, when permission to Point Security or Data Security is required, the same permission to PIPOINT is also required. This is redundant. The only times that PIPOINT security is used non-redundantly are to determine who has permission to create new PI Points and to assign default permissions to new PI Points. This last point creates a security issue: if a user needs permissions to only a few existing PI Points, then they need the same permissions to PIPOINT, which will give them the same permissions to new PI Points by default.
Please make the following changes:
• Do not require permission to PIPOINT if the permission can be expressed in terms of Point Security and Data Security
• Decouple the permissions to create new PI Points from the default permissions to new PI Points