AVEVA™ PI System™ Feedback Portal

Welcome to our feedback site!


We created this site to hear your enhancement ideas, suggestions and feedback about AVEVA products and services. All of the feedback you share here is monitored and reviewed by the AVEVA product managers.

To start, take a look at the ideas in the list below and VOTE for your favorite ideas submitted by other users. POST your own idea if it hasn’t been suggested yet. Include COMMENTS and share relevant business case details that will help our product team get more information on the suggestion. Please note that your ideas and comments are visible to all other users.


This page is for feedback specifically for AVEVA PI System. For links to our other feedback portals, please see the tab RESOURCES below.

Add a new idea Subscribe
Status No status
Product AVEVA™ PI Server
Categories Asset Framework (AF)
Created by GünterSendlinger
Created on Aug 19, 2022

RELATED IDEAS

Improve PI Data Security

The assignment of a PI tag on which the currently logged in user has no authorization as PI point reference to an AF attribute must not (as currently) be possible. It is possible to bypass the PI Archive authorization mechanism (point and data security) by using such attributes in AF-Analytics. The error messages that appear when saving in the System Explorer should not be allowed to be skipped.
  • Attach files
  • Holger Joist
    Reply
    |     Aug 5, 2024

    Just an idea without thinking into each detail:

    • add an user (owner, creator or modifier?) property to each analysis

    • add two option buttons: - run as user (default), - run with elevated rights (can only be choosen as administrator)

    • run the analyses under user context or under elevated context

  • Guest
    Reply
    |     Aug 19, 2022
    This has been an open issue for a few years now. Even if the statement is that it works as designed, it still is a bug. You can choose between tolerating a well documented data leak between different PI tenants or spending additional infrastructure for AF servers to separate tenants reliably. Preventing users from saving expressions with reference to points they have no permission to would be a first simple step to complicate data theft.
  • MarkusAssigal
    Reply
    |     Aug 19, 2022
    We have implemented our security to separate permissions by plants. The discussed behavior would allow access to unrestricted users and even allow them to write to PI tags in Analytics (!). It is very important for us, that you fix this security vulnerability to trust the PI System.
  • Eberhartinger
    Reply
    |     Aug 19, 2022
    Agree with comment of Markus Assigal and
  • BernhardN
    Reply
    |     Aug 19, 2022
    Adding additional AF-Servers to solve that issue is not acceptable. It is a massive loss of trust in data security as well as in data integrity.