Is there a way to only grant access to specific pi-tags for an API user?
I am a vendor that is trying to mitigate data security issues by only having access to the pi-tags I need.
Thanks in advance!
This is enforced by the data security settings configured on the PI Data Archive. Also, a user must be authenticating to the PI Web API using basic or kerberos authentication or you will not be able to delegate the user credential to the PI Data Archive to enforce your tag security settings.
Thank you! I will take a look at the documentation for data security settings in PI Data Archive.
Are you using PI-API or PI Web API? Vincent Kaufmann talked about the PI Web API angle. If you are connecting using PI-API then the user login, or PI trust, will identify you to PI as a specific identity or PI user. The data security settings on the specific tags will determine whether you can read or write the data.
If you don't want to even see some tags, then all PI tags have to remove PIWorld read access from their point security attributes, then selectively add users to point security. This is something that has to be carefully done so that people don't lose access to tags that they should be able to see.
A lot depends on how the security is already set up on the PI server.
I have not started using anything yet, but I intended to use the PI Web API.
Would you recommend using PI-API over the PI Web API for this use case?
Please do not use the PI API. It is an old an obsolete technology and you should use the newer AFSDK and PI Web API wherever possible.
Definitely do not use PI-API - it is obsolete, although it would work. The same goes for PI-SDK.
Depending on your application, use AF SDK or PI Web API. They are currently supported.
Retrieving data ...