Community Tip - Did you get an answer that solved your problem? Please mark it as an Accepted Solution so others with the same problem can find the answer easily. X
Hi All,
I have a lot off error messages in application_log like : Unable to dispatch [ uri = /Things/PersistentSession124f3131-c19f-461d-b5ac-0bf932cadad1/Services/AddDynamicRemoteSubscription/]: Unable to Invoke Service AddDynamicRemoteSubscription on PersistentSession124f3131-c19f-461d-b5ac-0bf932cadad1 : Not authorized for ServiceInvoke on ForwardEvent in PersistentSession124f3131-c19f-461d-b5ac-0bf932cadad1
And this: error executing APIRequest Message: Not authorized for ServiceInvoke on ForwardEvent in PersistentSession124f3131-c19f-461d-b5ac-0bf932cadad1, sending ERROR ResponseMessage to caller!
I did find the CS386233 and tried the solution , i did change the permission on User level and UserGroup level only the error messages still come in the application_log.
anyone got an idea how to fix this.
We use TW version 9.3.8.
Best regards,
Emiel
It seems to be saying that the user doesn't have permissions on: ForwardEvent not AddDynamicRemoteSubscription.
Did you set permissions on that Service/Event?
Hi, Where can i find ForwardEvent service?
I, too, would like to know where the ForwardEvent service is. All I've been able to find is someone saying to add collection permissions to get this to work. Personally, I think that's lazy and doesn't really solve the problem since there are unwanted security issues with that approach.
The PersistentSessions things may come from Mashups which have a GetProperties service call with "Automatically update..".
I am not sure why the permission is missing and if it is "correct" to add it. But this would add it:
type: "ServiceInvoke"
resource: "ForwardEvent"
principal: "<username/groupname>"
principalType: "<User/Group>"
allow: true
I forgot how PTC named such services but they exist but are not shown in Composer services list. You can see them by visiting in browser e.g.:
https://TWXHOST/Thingworx/ThingTemplates/BrowserGateway/ServiceDefinitions/
and call them via a twx-service.
When I tried to add that permission using a wrapper, I got an error that "'ForwardEvent' service doesn't exist". Also, the services list is both missing several of the services that I can see and the ForwardEvent service, so I'm not sure how accurate that list is.
You are correct. Sorry, seems that I did not validate this correctly.
The PersistentSession things (which cause the error) does show the service in the ServiceDefinition Url. So I must have assumed this service comes from the ThingTemplate it uses.
But this is not the case as you noticed. Very weird.
Edit: At least a better workaround than giving "Collection"-ServiceInvoke permissions would be to add them only to the BrowserGateway-ThingTemplate (runtime serviceinvoke all). It is still not nice, but at least a lot more restrictive than collection level...
Hi @EM_10066743 ,
Typically, the following permissions are required for adding the dynamic subscription:
The user needs to have access to invoke the ForwardEvent service on the RemoteThing instance (BrowserGateway)
Property Read permission on the property being subscribed to or all properties of the thing if a property name is not supplied.
Visibility permission on the publisher thing.
And this article may also be helpful:
Can you confirm what operations will lead to those errors?
There are some permision management improvements since TW 8.5.
In order to find the root cause, we need to know the exact instance version and related operations first.
For now the solutions provided do not fix the error messages , after the summer holiday i will get back to it