cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Have a PTC product question you need answered fast? Chances are someone has asked it before. Learn about the community search. X

Monitor Log Access in 7.1

chrish
1-Newbie

Monitor Log Access in 7.1

We've upgraded to v7.1 of Thingworx and I'm attempting to not make everyone an Admin.

However, it seems without access to Administrators group; users can't get to Monitor through Composer and actually see log data. They can see and reach monitor mashup, but not the actual logs. See screenshot.

I've tried several things with no success, I look forward to the normal great guidance on this.

1 ACCEPTED SOLUTION

Accepted Solutions
chrish
1-Newbie
(To:chrish)

Thank you Aanjan for your guidnace. I did get a definitive answer to this question from a case I opened with PTC Support. Thank you to Polina for her normal great support.

SOLUTION:


1. Set EntityServices Resource collection permissions:

pic.png

1b. Now the user I created and used in my test scenario is called “log” (please disregard “System” user as it’s for a different test scenario):

pic.png

pic.png

   

1c. Set Visibility, to the "Development" Org.

  

2. Repeat STEP 1 for the Logging Subsytem and System>Logs Collection.

3. Again similarly as in the previous steps for Visibility; you must make sure Visibility settings on Mashup Collection allows access to the Development Org (or whatever Org should have access to view mashups).

View solution in original post

9 REPLIES 9
ankigupta
5-Regular Member
(To:chrish)

Hi Christopher,

By looking at the screenshots; it seems that user does not have access permissions to System->Logs-> ApllicationLog and other logs.

In general; user does not have access to various entities related to log viewer Mashup. You can login as Administrator in a different browser and check the Application logs when user try to view to logs. There will be multiple error generated for permissions. You would need to give access to all those entities to the user.

Administrator has access to everything by default so he does not require explicit access Rights to these entities but other non-Admin users require it to access them.

As stated in my post, we are trying to implement security controls that mean NOT making everyone an Administrator. I know what the symbols in my screen shots mean; my post was to ask for an alternative to granting access that doesn't require granting Admin privileges.

Users should have access to view logs without being complete Admins on the server.

Aanjan
9-Granite
(To:chrish)

Chris, just to check, have you set permissions on the 'Logs' entity? This is available under the 'System' section at the Composer's homepage. You would need to give Visibility permissions and Service Execute permissions on Runtime permissions to display and query for logs respectively.

ankigupta
5-Regular Member
(To:chrish)

Hi Christopher,

Sorry for not being clear. I am not suggesting you to grant Admin Privileges to the user. Log Viewer is also a Mashup and just like other normal mashups users need permissions to the entities related to the log viewer so as to view it properly.

Could you please check; does user have visibility and service execute permissions to Composer ->System->Logs-> ApllicationLog and other logs.

I've went into System>Logs and set the collection Permissions for Visibility ("Everyone" org) and for DesignTime/RunTime for full access to "Developers" group. Still same result above. Additionally, I've added the same access privileges to each individual Log entity inside this collection; still same problem.

Aanjan
9-Granite
(To:chrish)

Do you still have the 'Users' group in the Everyone org? If you still have that, any user should be able to see/ access anything; so that's why the first step in securing the platform is removing the 'Users' group from the Everyone org.

chrish
1-Newbie
(To:Aanjan)

I had not done that yet because of this issue. I left it there to try and avoid this problem.  I'll remove Users from Everyone Org, but not sure how that helps.

Aanjan
9-Granite
(To:chrish)

Try this - access the collection permissions on the EntityServices Resource and give your user Service Execute permissions on the same (I'm assuming you still have Users in Everyone at the moment).

chrish
1-Newbie
(To:chrish)

Thank you Aanjan for your guidnace. I did get a definitive answer to this question from a case I opened with PTC Support. Thank you to Polina for her normal great support.

SOLUTION:


1. Set EntityServices Resource collection permissions:

pic.png

1b. Now the user I created and used in my test scenario is called “log” (please disregard “System” user as it’s for a different test scenario):

pic.png

pic.png

   

1c. Set Visibility, to the "Development" Org.

  

2. Repeat STEP 1 for the Logging Subsytem and System>Logs Collection.

3. Again similarly as in the previous steps for Visibility; you must make sure Visibility settings on Mashup Collection allows access to the Development Org (or whatever Org should have access to view mashups).

Top Tags