Let us consider the following scenario:
UserA creates ThingA programmatically. This means that UserA is automatically the owner of ThingA and has all permissions on it. How can I remove UserA as the owner of ThingA, so that UserA has no visibility or permissions on ThingA anymore? And is it possible that UserA removes himself as the owner (without administrator rights)?
Executing the setOwner service on ThingA as Administrator with the Administrator as new owner parameter seems to do exactly that - replace UserA with Administrator as the owner. However, the setOwner service belongs to the so-called Administrator Service, i.e. only users in the Administrators User Group can execute it. In my use case, I want to avoid adding UserA to the Administrators User Group and I need to remove the ownership directly after ThingA is created.
In a nutshell: I need a mechanism to create a Thing as a specific user and afterwards remove this user's permissions from the newly created Thing.
Maybe there is a way to execute the setOwner as Administrator whilst logged in as a normal user? But this would probably also require that the normal user has visibility of the Administrator User.
Hi @IPA, I'm not really sure what the use case behind this is, but maybe you could look into some sort of event that can be fired upon creation of every new Thing and then have the System user (which is a special user to manage all the internal services) execute the setOwner().
You can read more on the System User in the Help Center.
Well, the use case is that users shall be able to register their own Things on the platform. Moreover, in the future a Thing may have to be accessible only by a user other than the user that registered it. This requires a change of the Thing owner in order to be able to administer the accessibility of the Thing.
Regarding your proposed solution, if a user creates a Thing and we have an event that is fired with a subscription that sets the owner, the user context of the executing subscription is still that of the (simple) user and not of the System user.