cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Help us improve the PTC Community by taking this short Community Survey! X

Problems with permissions on custom service

Go to solution
miikkae
1-Newbie
1-Newbie
‎Aug 04, 2015 10:28 AM
‎Aug 04, 2015 10:28 AM

Problems with permissions on custom service

I've created a service for creating new Things based on the unbound Remote Things. I've an external SDK agent running this service with a Thing called "MyConnector".

At first I tried this manually with the "Test" button in services tab and it worked fine.

Then I added an applicationKey running as my administrator user and used it to connect new Things to the TWX, and when "MyConnector" was running this service, it created them as it should.

I then tried to create an external user to be used for this application with the applicationKey but I keep getting this error from "MyConnector" Thing:

Reason: Unable to dispatch [ uri = /Things/MyConnector/Services/CreateUnboundRemoteThings/]: Unable to Invoke Service CreateUnboundRemoteThings on MyConnector : Execution error in service script [MyConnector CreateUnboundRemoteThings] : Wrapped com.thingworx.common.exceptions.InvalidRequestException: Not authorized for Create Cause: Not authorized for Create

Here's my CreateUnboundRemoteThings service from MyTestThingTemplate:

var newRemoteThings=Resources["DeviceFunctions"].GetUnboundRemoteThings({maxItems:undefined});
var result=Resources["InfoTableFunctions"].CreateInfoTableFromDataShape({InfoTableName:"CreatedThings",dataShapeName:"NewThingsDataShape"});
for (var i=0;i<newRemoteThings.length;i++){
  Resources["EntityServices"].CreateThing({thingTemplateName:"MyTestThingTemplate",description:undefined,name:newRemoteThings.name});
  Things[newRemoteThings.name].EnableThing();
  Things[newRemoteThings.name].RestartThing();
  result.AddRow({ThingName:newRemoteThings.name});
}

I've added that user permissions for:

  • DeviceFunctions -> GetUnboundRemoteThings service
  • InfoTableFunctions -> CreateInfoTableFromDataShape service
  • EntityServices -> CreateThing service
  • MyTestThingTemplate -> RestartThing and EnableThing services
  • Full permissions on MyConnector Thing
  • Full permissions on NewThingsDataShape

Any idea what permissions am I missing? I've been stuck with this permission problem most of today and can't figure out what I'm missing. At some point I also added that user full design time and run time permissions on DeviceFunctions, InfoTableFunctions, EntityServices, MyTestThingTemplate, "MyConnector" Thing and NewThingDataShape but didn't work even then.

Is the problem due to the fact that my service is local and not remote service (you can't insert script to remote service) ?

Why does it work with my Administrator account then?

Labels:
0 Kudos
Notify Moderator
1 ACCEPTED SOLUTION

Accepted Solutions
paic
1-Newbie
1-Newbie
(To:miikkae)
‎Aug 04, 2015 03:39 PM
‎Aug 04, 2015 03:39 PM

Looks like the User/Group needs permission to Things/Create in the Design Time permissions of Things

View solution in original post

0 Kudos
Notify Moderator
5 REPLIES 5
paic
1-Newbie
1-Newbie
(To:miikkae)
‎Aug 04, 2015 03:39 PM
‎Aug 04, 2015 03:39 PM

Looks like the User/Group needs permission to Things/Create in the Design Time permissions of Things

0 Kudos
Notify Moderator
miikkae
1-Newbie
1-Newbie
(To:paic)
‎Aug 05, 2015 02:57 AM
‎Aug 05, 2015 02:57 AM

I tried giving Design Time Create permissions for both MyTestThingTemplate and MyConnector Thing but still getting the same error.
Is there some global Things/Create permission for all Things or did you mean one of these?

0 Kudos
Notify Moderator
miikkae
1-Newbie
1-Newbie
(To:paic)
‎Aug 05, 2015 03:20 AM
‎Aug 05, 2015 03:20 AM

Ah, I just now realized the permission mark appearing next to the plus sign on menu hover. Found the global permission and it seems to be working now!

Thanks a lot!

0 Kudos
Notify Moderator
miikkae
1-Newbie
1-Newbie
(To:paic)
‎Aug 05, 2015 10:17 AM
‎Aug 05, 2015 10:17 AM

Just a quick followup about this: Is it possible to detect the ThingTemplate of the instance gotten from Resources["DeviceFunctions"].GetUnboundRemoteThings() service?

Would be quite necessary to ensure that is actually the one I'm willing to create or at least use the correct template for the Thing to be Created.

That service only returns:
name=com.thingworx.types.primitives.StringPrimitive@71f9e2fe, isIdentifier=com.thingworx.types.primitives.BooleanPrimitive@4ca5cc27

so it doesn't seem that easy

0 Kudos
Notify Moderator
miikkae
1-Newbie
1-Newbie
(To:miikkae)
‎Aug 06, 2015 03:26 AM
‎Aug 06, 2015 03:26 AM

Well, I guess, before binding the thing, finding out the template ain't possible.

Moved the connector service call at the beginning of the main function in the SDK agent that updates other properties to new things. Now, at least, I only call it when those new things are just started and going to be bound

0 Kudos
Notify Moderator
Top Tags