AVEVA™ PI System™ Feedback Portal

Welcome to our new feedback site!


We created this site to hear your enhancement ideas, suggestions and feedback about AVEVA products and services. All of the feedback you share here is monitored and reviewed by the AVEVA product managers.

To start, take a look at the ideas in the list below and VOTE for your favorite ideas submitted by other users. POST your own idea if it hasn’t been suggested yet. Include COMMENTS and share relevant business case details that will help our product team get more information on the suggestion. Please note that your ideas and comments are visible to all other users.


This page is for feedback specifically for AVEVA PI System. For links to our other feedback portals, please see the tab RESOURCES below.

Add a new idea Subscribe
Status Declined
Product AVEVA™ PI Server
Categories Asset Framework (AF)
Created by Carl Van Laer
Created on Aug 19, 2022

RELATED IDEAS

Have a less security intrusive way of monitoring PI AF Audit trail is enabled

Currently the account used to monitor that the Audit trail is enabled requires sysadmin privileges. This is even checked in the related stored procedures. Our database security team sees this permanent need of sysadmin rights as a thread and also has doubts that this type of self-checking/correcting stored procedures is the best way forward. Can this not be done in a more secure way?
  • ADMIN RESPONSE
    Aug 19, 2022
    Due to the limitation of SQL Server CDC, the account requires admin permission per Microsoft. As such, we are declining this request.
  • Attach files
  • Guest
    Reply
    |     Aug 19, 2022
    AF relies on the change data capture feature of SQL Server for its audit trail implementation. The stored procedure that enables audit trail sys.sp_cdc_enable_db requires membership in the sysadmin fixed server role per MS link. The stored procedures handle it individually in order to ensure a user friendly error message is returned. Separate from SQL permissions is that audit users need to have admin permissions on the PISystem object. One reason is to prevent one user from gaining insight about how another user is using the system.