which permission I must set for a working tunneling connection?
My szenario: I have a device where EMS running on. The remote device is connected to TWX. With my admin user (in group Administators) I can established a tunneling connection with the device (for example ssh) and every works fine. Now when I try this with a normal user (no in Administators group) the connection failed immediately after the Thingworx Remote Access Client is started:
My current permissions:
Everyone has Visibility-Permissions via Visibility Instance of the Template of the device
The user has Runtime Property Read and Service Execute Permissions for the device
The user has DesignTime Read Permissions for the device
ThingworxInternalRemoteAccessProvider has Visibility Permissions for everyone
TunnelSubsystem has Visibility Permissions for Everyone
The user has Runtime Property Read and Service Execute Permissions for TunnelSubsystem
The user has DesignTime Read Permissions for the TunnelSubsystem
[WARN ] 2020-08-18 11:23:00,981 SDK: sendCtlFrame: Not connected
This two lines will appear in Application Log:
Unable to dispatch [ uri = /Things/tw-ra-client-1c90fe81-90c0-4f00-82dc-e8ce00aa4593/Services/EnableThing/]: Unable to Invoke Service EnableThing on tw-ra-client-1c90fe81-90c0-4f00-82dc-e8ce00aa4593 : Not authorized for ServiceInvoke on EnableThing in tw-ra-client-1c90fe81-90c0-4f00-82dc-e8ce00aa4593
error executing APIRequest Message: Not authorized for ServiceInvoke on EnableThing in tw-ra-client-1c90fe81-90c0-4f00-82dc-e8ce00aa4593, sending ERROR ResponseMessage to caller!
Its looks like he create a thing names tw-ra-client-1c90fe81-90c0-4f00-82dc-e8ce00aa4593 but has not the permissions to call EnableThing.
Based on the error you provided, we would recommend that you re-check to ensure the the permissions are set correctly. You can also consider using an appKey as referenced in this Help Center page. There is also a tutorial available in the Help Center that may be useful.