AF SDK - RDA - Security

Discussion created by RJKSolutions on Feb 15, 2012
Latest reply on Feb 22, 2012 by RJKSolutions

How is data within a PI Server now secured when using RDA?  Is there now the responsibility to ensure the AF Database WIS matches the PI Server WIS (Mappings/Identities)?  Or is there now two layers of security when reading/writing data via RDA?


For example, you first need the AF "ReadData" permission to read data from an AFAttribute.  If the configured PI Point via the DR is not one the user has been configured to read in the PI Server WIS, I am assuming that the AF SDK RDA methods check the configured security under the hood.  What if an application had always used PI SDK based PI Trusts, does the use of RDA now force the use of WIS (which isn't a bad thing)?
Another example could be the opposite of the last example, a user has full write access to a PI Point but no access to the AF Attribute configured to that PI Point - does AF Security always have priority?  If so, what about in a world when we can use RDA directly against a PI Server rather than going through AF - or am I getting ahead of myself?


As there is no buffering support right now in the CTP I won't talk about buffering + security when using RDA for now.