cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Learn all about PTC Community Badges. Engage with PTC and see how many you can earn! X

Assigning the System User through Script

No ratings

The System user is pivotal in securing your application and the simplest approach is to assign the System user to ALL Collections and give it Runtime Service Execute.

These Collection Permissions ONLY Export to ThingworxStorage vs. the File Export, it becomes quite painful to manage this and then roll this out to a new machine.

Best and fastest solution? Script the Assignment, you can take this script which does it for the System user and extend it to include any other Collection Level permissions you might need to set, like adding Entity Create Design Time for the System user.

---------------------------------------------------------

//@ThingworxExtensionApiMethod(since={6,6})

//public void AddCollectionRunTimePermission(java.lang.String collectionName,

//       java.lang.String type,

//       java.lang.String resource,

//       java.lang.String principal,

//       java.lang.String principalType,

//       java.lang.Boolean allow)

//    throws java.lang.Exception

//

//Service Category:

//    Permissions

//

//Service Description:

//    Add a run time permission.

//

//Parameters:

//    collectionName - Collection name (Things, Users, ThingShapes, etc.) - STRING

//    type - Permission type (PropertyRead PropertyWrite ServiceInvoke EventInvoke EventSubscribe) - STRING

//    resource - Resource name (* = all or enter a specific resource to override) - STRING

//    principal - Principal name (name of user or group) - STRING

//    principalType - Principal type (User or Group) - STRING

//    allow - Permission (true = allow, false = deny) - BOOLEAN

//Throws:

//    java.lang.Exception - If an error occurs

//  

var params = {

    modelTags: undefined /* TAGS */,

    type: undefined /* STRING */

};

// result: INFOTABLE dataShape: EntityCount

var EntityTypeList = Subsystems["PlatformSubsystem"].GetEntityCount(params);

for each (var row in EntityTypeList.rows) {

    try {

        var params = {

            principal: "System" /* STRING */,

            allow: true /* BOOLEAN */,

            resource: "*" /* STRING */,

            type: "ServiceInvoke" /* STRING */,

            principalType: "User" /* STRING */,

            collectionName: row.name /* STRING */

        };

        // no return

        Resources["CollectionFunctions"].AddCollectionRunTimePermission(params);

    }

    catch(err) {

    }

}

Was this tip helpful? Yes No
Version history
Last update:
‎Oct 28, 2016 03:37 PM
Updated by:
22-Sapphire I
Labels (2)
Labels: