I had some questions related to the security involving PI Web API.
I would like to brief some points regarding the environment/solution -
1.We are using basic authentication and are encrypting the user details in Kafka connecter.
2.We tested it in a development environment where Kafka, PI server and AF server were installed in the same machine. It worked perfectly fine- both authentication and data streaming.
3.The solution contains an AF solution, where several "PI point" data referenced attributes are involved. Some calculations are performed on these source PI points and the results are stored in other PI points.
4.On the production environment. the source PI points belong to 12 different Plant PI servers, while the PI points with result are created in corporate PI server.
5.The user details encrypted for basic authentication does not have read access to the individual plant PI servers, but do have read access to the AF server and the corporate PI server which store the result PI tag. PI web API is used to query the these result PI point attributes.
6.The machine from which the Kafka connector requests sends query to PI web API has PI trust access to the 12 plant PI server.
Now my query is - Will the user, which is configured with basic authentication, be able to pull the data for these PI Point attributes with above access and rights?
I understand the user should have read access to each of the individual PI server in order to fetch the values from the AF as AF analysis will not execute correctly if the user doesn't have access to the inputs of the analysis.
This can be lengthy and hence seeing if there is any work around.
If any additional information is required let me know.