cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Want the oppurtunity to discuss enhancements to PTC products? Join a working group! X

IntegrationRuntime Add Run Time Permissions "PropertyRead" in Service

lspears
6-Contributor
6-Contributor
‎Dec 14, 2021 10:37 AM
‎Dec 14, 2021 10:37 AM

IntegrationRuntime Add Run Time Permissions "PropertyRead" in Service

So I've started looking into this and so far, I've been seeing that you need to use AddInstanceRunTimePermission instead of AddRunTimePermission in order to set the "Property Read" Runtime Permission. This is my code currently:

// Sets ServiceInvoke Runtime Permission of IntegrationRuntime for required GroupName
ThingTemplates["IntegrationRuntime"].AddRunTimePermission({
principal: name /* STRING */,
allow: true /* BOOLEAN */,
resource: "*" /* STRING */,
type: "ServiceInvoke" /* STRING */,
principalType: "Group" /* STRING */
});
ThingTemplates["IntegrationRuntime"].AddInstanceRunTimePermission({
principal: name /* STRING */,
allow: true /* BOOLEAN */,
resource: "*" /* STRING */,
type: "PropertyRead" /* STRING */,
principalType: "Group" /* STRING */
});

 

And after running it I get this with no errors:

lspears_0-1639496107304.png

Service Execute is allowed like I want but is there no way to set Property Read to allow using AddRunTimePermission? Because I can set it to allow when editing the permissions on the entity itself, so why am I unable to in the service?

Any clarity on this is very much appreciated.

Labels:
0 Kudos
Notify Moderator
1 REPLY 1
PaiChung
22-Sapphire I
22-Sapphire I
(To:lspears)
‎Dec 14, 2021 04:07 PM
‎Dec 14, 2021 04:07 PM

AddInstanceRunTimePermission  vs AddRunTimePermission 

AddRunTimePermission  is used to set permissions on the actual Entity itself.

But if you have a ThingShape or ThingTemplate, these will spin off into 'Instances' ie Things, so to set permissions for those you would use AddInstanceRunTimePermission 

 

When you are viewing the permissions you will see the first one on the Template itself and then the second one on the Instance tab, there is a toggle icon that helps you switch between viewing the Template Permissions and the Template Instance Permissions. (Looks like single screen vs. stacked multiple screens)

 

I will add as a best practice, you should never give the 'All Service Execute', but always use 'Override' to give permissions to specific services and use the System user on 'All Service Execute' true for the Template itself as well as the Template Instance.

 

Please note that the permission you set for service execute, only permits OOTB or inherited Template services, all the custom services you may have added to the template are all 'Instance' or Thing Services.

So if you for example created: "DoThisCalc" service, you need Service Instance Override permission for that service.

But if you were using "GetImplementingThings" that is a Template based service.

Hope that makes sense.

Notify Moderator
Top Tags