Recently we just installed PI Web API 2016 R2 in our brand new computer. No other service/application has been installed in this computer. Everything is working fine except I can't find any documentation regarding what permissions need to be granted to PI Web API service account on AF server/database side. We use Kerberos authentication and this service account is used for both PI Web API service and PI Web API Crawler. I would prefer sufficient permissions are granted for PI Web API to read/write/update/delete data but not too loose in terms of security.
Any documentation/articles for us to follow?