Community Tip - You can change your system assigned username to something more personal in your community settings. X
Hi,
which permission I must set for a working tunneling connection?
My szenario: I have a device where EMS running on. The remote device is connected to TWX. With my admin user (in group Administators) I can established a tunneling connection with the device (for example ssh) and every works fine. Now when I try this with a normal user (no in Administators group) the connection failed immediately after the Thingworx Remote Access Client is started:
My current permissions:
The log of ems (wsems_log1.log) lookes like this:
*****************
TUNNEL NOTIFICATION:
ID: 5f74895a-a5b0-4524-b078-3e270b1be686
ThingName: d_e_v_i_c_eb90f6514_1da6_4cbd_80ac_98de964f2bcc
State: STARTED
Target: 1.0.2.13:22
StartTime: 2020-08-18 11:21:30,671
EndTime: Still in Progress
Duration: 0 msec
User: Unknown
Bytes Sent: 0
Bytes Rcvd: 0
Message:
*****************
[FORCE] 2020-08-18 11:21:30,671 SDK: TUNNEL CREATED. Entity: d_e_v_i_c_eb90f6514_1da6_4cbd_80ac_98de964f2bcc, tid: 5f74895a-a5b0-4524-b078-3e270b1be686,>
[INFO ] 2020-08-18 11:21:30,768 SDK: twWs_Connect: Websocket connected!
[FORCE] 2020-08-18 11:21:30,768 SDK: TUNNEL STARTED. Entity: d_e_v_i_c_eb90f6514_1da6_4cbd_80ac_98de964f2bcc, tid: 5f74895a-a5b0-4524-b078-3e270b1be686,>
[WARN ] 2020-08-18 11:23:00,945 SDK: twWs_Receive: Websocket closed!
[AUDIT] 2020-08-18 11:23:00,981 :
*****************
TUNNEL NOTIFICATION:
ID: 5f74895a-a5b0-4524-b078-3e270b1be686
ThingName: d_e_v_i_c_eb90f6514_1da6_4cbd_80ac_98de964f2bcc
State: ENDED
Target: 1.0.2.13:22
StartTime: 2020-08-18 11:21:30,671
EndTime: 2020-08-18 11:23:00,981
Duration: 90310 msec
User: Unknown
Bytes Sent: 43
Bytes Rcvd: 0
Message: Websocket was closed
*****************
[WARN ] 2020-08-18 11:23:00,981 SDK: sendCtlFrame: Not connected
This two lines will appear in Application Log:
Unable to dispatch [ uri = /Things/tw-ra-client-1c90fe81-90c0-4f00-82dc-e8ce00aa4593/Services/EnableThing/]: Unable to Invoke Service EnableThing on tw-ra-client-1c90fe81-90c0-4f00-82dc-e8ce00aa4593 : Not authorized for ServiceInvoke on EnableThing in tw-ra-client-1c90fe81-90c0-4f00-82dc-e8ce00aa4593
error executing APIRequest Message: Not authorized for ServiceInvoke on EnableThing in tw-ra-client-1c90fe81-90c0-4f00-82dc-e8ce00aa4593, sending ERROR ResponseMessage to caller!
Its looks like he create a thing names tw-ra-client-1c90fe81-90c0-4f00-82dc-e8ce00aa4593 but has not the permissions to call EnableThing.
The other logs looks normal.
Hi @drichter.
Based on the error you provided, we would recommend that you re-check to ensure the the permissions are set correctly. You can also consider using an appKey as referenced in this Help Center page. There is also a tutorial available in the Help Center that may be useful.
Regards.
--Sharon