cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Did you get called away in the middle of writing a post? Don't worry you can find your unfinished post later in the Drafts section of your profile page. X

Creating minimum User permissions, associated with AppKey and used in TW SDK agent

rad1
9-Granite
9-Granite
‎May 23, 2018 03:07 AM
‎May 23, 2018 03:07 AM

Creating minimum User permissions, associated with AppKey and used in TW SDK agent

I want to create a new Application Key that will be used by TW agent SDK to send a list of Property values on an VirtualThing using updateSubscribedProperties() method as well as call a few Services on "UtilityThing" thing, like when I need to register this VirtualThing (Create a Thing based on a certain RemoteThingTemplate).

I also have a few other services on UtilityThing thing that in turn call a couple of other custom services (There can be 2-3 levels of calls in the chain). 

 

Question: Will I need to use "System" users for execute permission for these dependent services and only worry about Client visible Service.

 

Question: I need to be able to revoke "sending" permission from TW SDK agent which uses an appKey, let's say when the contract expires after 1 year if contract is not extended.

 

I want to know how to setup a new user associated with this Key with just enough rights to do above.

I also want to push some files or call services on VirtulThing from the serve.

 

Question: Do I need to call these services and/or something else?

//AddRunTimePermission
//AddVisibilityPermission

 

Queston: What I will apply these to?

 

 

Labels:
0 Kudos
Notify Moderator
1 REPLY 1
supandey
19-Tanzanite
19-Tanzanite
(To:rad1)
‎May 24, 2018 10:18 AM
‎May 24, 2018 10:18 AM

Hi @rad1 I'll try to address some of this questions, please see below :

 

@rad1 wrote:

I want to create a new Application Key that will be used by TW agent SDK to send a list of Property values on an VirtualThing using updateSubscribedProperties() method as well as call a few Services on "UtilityThing" thing, like when I need to register this VirtualThing (Create a Thing based on a certain RemoteThingTemplate).

I also have a few other services on UtilityThing thing that in turn call a couple of other custom services (There can be 2-3 levels of calls in the chain). 

 

Question: Will I need to use "System" users for execute permission for these dependent services and only worry about Client visible Service.

 

If i understand it right just by giving System user access right and denying the visibility / execution right to the actual user I think it likely not work while the user itself won't have the write to call those service. Anyhow System user is used only to handle the basic ThingWorx service. So in your case I think you will need to grant both visibility and execution write to this user see best practice on System user here

 

Question: I need to be able to revoke "sending" permission from TW SDK agent which uses an appKey, let's say when the contract expires after 1 year if contract is not extended.

 

I want to know how to setup a new user associated with this Key with just enough rights to do above.

I also want to push some files or call services on VirtulThing from the serve.

 

It's difficult to answer without full visibility on the precise use case but generically speaking depending on the requirements i.e. whether or not user need design time & runtime permission apart from obviously visibility,  both will be needed on all the entities.

 

For the point that you'll need to disable this App key after say contract expiry, may be calling the SetExpirationDate service on the Application key e.g.

 

var params = {
	expirationDate: undefined /* DATETIME */
};

// no return
ApplicationKeys["CurlAppKey"].SetExpirationDate(params);

 

Question: Do I need to call these services and/or something else?

//AddRunTimePermission
//AddVisibilityPermission

 

Queston: What I will apply these to?

 

Services mentioned by you above would work if you are doing individual access permission mgmt. Since you'd likely have bunch of entities on which the user will need permission look for CollectionFunctions which is available under Resources in the Composer it contains services like 

 24-05-2018 16-15-56.jpg

 

When calling them individually for e.g. i have a user "M" and to grant Visibility permission on an organisation I would do something like this from a service 

 

var params = {
	principal: "MOrg" /* STRING */,
	principalType: "Organization" /* STRING */
};

// no return
Users["m"].AddVisibilityPermission(params);

 

0 Kudos
Notify Moderator
Top Tags