Is there a way to actually give permission to a user (identity) over which tag creation/modifications would be allowed BUT prevent them from being able to delete any tag?
First of all, many thanks for posting your concern on PI Square!
Let's see if I correctly understood the questions.
In SMT --> Point Builder (as in Excel PI Builder), you can modify the security inherent to each Point:
The fact is that the permissions are limited to Read and Write: you can allow or deny them, but if you deny the write permission, you would not be able to modify AND delete the point.
So there is not an identity that could be able to modify but not delete the points, I think.
One thing that can be done, even if it is not exactly what you asked, is:
- User A creates the Point
- Security is modified so that User A can read the point, but not write (so no modifications or deletion).
Wider opportunities are instead present in AF, where you can customize the permissions more at any level of the element trees:
Hope that this helps you!
I have actually managed to create an Identity that can modify an existing tag but is not able to delete it. The drawback is that this same identity cannot create it either.
This was done by having this identity in POINT dbsecurity table as (r) and (r,w) locally on the ptsecurity.... The issue here is to manage creating the tag as well!!
That is indeed the only true way to go about it. By not giving W access to the PIPOINT table, the user cannot delete the table but he will also not be able to create one. If you want the user to be able to create a point it needs the write access (which also gives permission to delete).
The only way I can think of would be that the user would have W access to the PIPOINT table (so they can create a new one) and then explicitly remove the write permission on the point security for the specific point. In theory that would work, but in reality, it seems not practical at all since someone would need to edit the permission every time a new point is created.
The identity you have created is indeed as much customization as I can think of. So you may need to decide between allowing the user to both create and delete or not.
Hi Achilleas Kasfikis,
From the research I have done, it is not possible to achieve what you are after at the current moment. However, there is an enhancement request for 'Support for "Delete", "Create", and "Security" access in addition to Read and Write' in place and this is targeted for PI Data Archive 2017 R2. You can find more details here: https://techsupport.osisoft.com/Troubleshooting/Enhancements/25510OSI8
I hope this answers your question.