cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Help us improve the PTC Community by taking this short Community Survey! X

ServiceInvoke permissions on System Resource Service

ngarner
1-Visitor
1-Visitor
‎Oct 26, 2015 03:13 PM
‎Oct 26, 2015 03:13 PM

ServiceInvoke permissions on System Resource Service

Hello,

I'm experimenting with creation of Things via POST using HTTP through a TCP socket to solve a particular problem.

POST /Thingworx/Resources/EntityServices/Services/CreateThing?appKey=ac5fddf2-760d-48ae-9a90-d73d23fd90ba HTTP/1.1

Content-Type: application/json

Host: <...>

Connection: close

User-Agent: MyFirmware

Content-Length: 51

{"name":"test1","thingTemplateName":"GenericThing"}

 

This works fine provided the appKey is tied to the system Administrator account.  I tried to edit Design/Run Time permissions for CreateThing to permit a specific user that has an app key and I receive a message that you cannot edit system objects. 

Does the system administrator account have to be used for remote execution of system resource services?  I don't see a way to specify a user as a system admin. 

Thank you,

Nick

0 Kudos
Notify Moderator
4 REPLIES 4
Aanjan
12-Amethyst
12-Amethyst
(To:ngarner)
‎Oct 26, 2015 03:58 PM
‎Oct 26, 2015 03:58 PM

Nick, you won't actually be able to 'edit' system objects. For example, in your case, if you want to access the permissions screen for the EntityServices Resource, you can click on the Resources menu, and instead of opening EntityServices, click on the lock icon at the far right in the same row. That will bring up the Visibility/ RunTime and DesignTime screens where you can edit/ add your specific user.         

0 Kudos
Notify Moderator
ngarner
1-Visitor
1-Visitor
(To:Aanjan)
‎Oct 26, 2015 05:15 PM
‎Oct 26, 2015 05:15 PM

Great, thank you, Aanjan.

0 Kudos
Notify Moderator
paic
12-Amethyst
12-Amethyst
(To:ngarner)
‎Oct 27, 2015 08:27 AM
‎Oct 27, 2015 08:27 AM

Please note that in these situations Best Practice is to allow a System user to have permission to these services, but to create 'wrapped' services that then leverage the System user. This way you can properly secure 'Administrative' services.

0 Kudos
Notify Moderator
SajidPatel
12-Amethyst
12-Amethyst
(To:paic)
‎Aug 08, 2016 01:10 PM
‎Aug 08, 2016 01:10 PM

Hi Pai,

     Is there an example for wrapping a service to be invoked by a different (system) user on the platform?

Thanks,

Sajid

0 Kudos
Notify Moderator
Announcements


Contact Community Management
Top Tags