I am trying to restrict the visibility of things to the appkey user at the edge for our remote devices but have hit a problem which I'm hoping someone can help with. All our remote devices have a unique appkey.
Our edge server is configured to execute a fault event as and when they occur on our device. This event is subscribed to by the representative/device thing on the server (at template instance level). This all works fine, but as part of the subscription we also wish to send notification emails to our customer users. Ideally we would like the edge appkey user to have no visibility of the customer, it's users and their data (email address etc.). From the logs I can see that the subscription is run in the context of the appkey user. If we remove visibility of the customer and their users from the edge appkey then the subscription fails (understandably).
My question is: Is there any way to achieve this without giving the appkey visibility of the customer & customer users? I had tried to execute a second event from within the first subscription, and have the customer thing dynamically subscribe to that, but it appears that the second dynamic subscription is also run in the context of the appkey user, and so has the same visibility issue
I'm trying to get to a situation whereby if someone used the REST API with the remote device appkey they would only see the remote device and not who the device belonged to.