Community Tip - Learn all about PTC Community Badges. Engage with PTC and see how many you can earn! X
I want to create a new Application Key that will be used by TW agent SDK to send a list of Property values on an VirtualThing using updateSubscribedProperties() method as well as call a few Services on "UtilityThing" thing, like when I need to register this VirtualThing (Create a Thing based on a certain RemoteThingTemplate).
I also have a few other services on UtilityThing thing that in turn call a couple of other custom services (There can be 2-3 levels of calls in the chain).
Question: Will I need to use "System" users for execute permission for these dependent services and only worry about Client visible Service.
Question: I need to be able to revoke "sending" permission from TW SDK agent which uses an appKey, let's say when the contract expires after 1 year if contract is not extended.
I want to know how to setup a new user associated with this Key with just enough rights to do above.
I also want to push some files or call services on VirtulThing from the serve.
Question: Do I need to call these services and/or something else?
//AddRunTimePermission
//AddVisibilityPermission
Queston: What I will apply these to?
Hi @rad1 I'll try to address some of this questions, please see below :
@rad1 wrote:
I want to create a new Application Key that will be used by TW agent SDK to send a list of Property values on an VirtualThing using updateSubscribedProperties() method as well as call a few Services on "UtilityThing" thing, like when I need to register this VirtualThing (Create a Thing based on a certain RemoteThingTemplate).
I also have a few other services on UtilityThing thing that in turn call a couple of other custom services (There can be 2-3 levels of calls in the chain).
Question: Will I need to use "System" users for execute permission for these dependent services and only worry about Client visible Service.
If i understand it right just by giving System user access right and denying the visibility / execution right to the actual user I think it likely not work while the user itself won't have the write to call those service. Anyhow System user is used only to handle the basic ThingWorx service. So in your case I think you will need to grant both visibility and execution write to this user see best practice on System user here.
Question: I need to be able to revoke "sending" permission from TW SDK agent which uses an appKey, let's say when the contract expires after 1 year if contract is not extended.
I want to know how to setup a new user associated with this Key with just enough rights to do above.
I also want to push some files or call services on VirtulThing from the serve.
It's difficult to answer without full visibility on the precise use case but generically speaking depending on the requirements i.e. whether or not user need design time & runtime permission apart from obviously visibility, both will be needed on all the entities.
For the point that you'll need to disable this App key after say contract expiry, may be calling the SetExpirationDate service on the Application key e.g.
var params = { expirationDate: undefined /* DATETIME */ }; // no return ApplicationKeys["CurlAppKey"].SetExpirationDate(params);
Question: Do I need to call these services and/or something else?
//AddRunTimePermission
//AddVisibilityPermission
Queston: What I will apply these to?
Services mentioned by you above would work if you are doing individual access permission mgmt. Since you'd likely have bunch of entities on which the user will need permission look for CollectionFunctions which is available under Resources in the Composer it contains services like
When calling them individually for e.g. i have a user "M" and to grant Visibility permission on an organisation I would do something like this from a service
var params = { principal: "MOrg" /* STRING */, principalType: "Organization" /* STRING */ }; // no return Users["m"].AddVisibilityPermission(params);