cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - If community subscription notifications are filling up your inbox you can set up a daily digest and get all your notifications in a single email. X

Unable to Invoke Service AddDynamicRemoteSubscription > CS386233

EM_10066743
7-Bedrock
7-Bedrock
‎Jul 18, 2023 08:33 AM
‎Jul 18, 2023 08:33 AM

Unable to Invoke Service AddDynamicRemoteSubscription > CS386233

Hi All,

 

I have a lot off error messages in application_log like : Unable to dispatch [ uri = /Things/PersistentSession124f3131-c19f-461d-b5ac-0bf932cadad1/Services/AddDynamicRemoteSubscription/]: Unable to Invoke Service AddDynamicRemoteSubscription on PersistentSession124f3131-c19f-461d-b5ac-0bf932cadad1 : Not authorized for ServiceInvoke on ForwardEvent in PersistentSession124f3131-c19f-461d-b5ac-0bf932cadad1

 

And this:  error executing APIRequest Message: Not authorized for ServiceInvoke on ForwardEvent in PersistentSession124f3131-c19f-461d-b5ac-0bf932cadad1, sending ERROR ResponseMessage to caller!

 

I did find the CS386233 and tried the solution , i did change the permission on User level and UserGroup level only the error messages still come in the application_log.

 

anyone got an idea how to fix this.

We use TW version 9.3.8.

 

Best regards,

Emiel

Labels:
0 Kudos
Notify Moderator
9 REPLIES 9
PaiChung
22-Sapphire I
22-Sapphire I
(To:EM_10066743)
‎Jul 18, 2023 03:29 PM
‎Jul 18, 2023 03:29 PM

It seems to be saying that the user doesn't have permissions on: ForwardEvent not AddDynamicRemoteSubscription.

Did you set permissions on that Service/Event?

0 Kudos
Notify Moderator
EM_10066743
7-Bedrock
7-Bedrock
(To:PaiChung)
‎Jul 19, 2023 03:04 AM
‎Jul 19, 2023 03:04 AM

Hi, Where can i find ForwardEvent service?

Notify Moderator
Ike@ACE
13-Aquamarine
13-Aquamarine
(To:EM_10066743)
‎Jul 21, 2023 10:51 AM
‎Jul 21, 2023 10:51 AM

I, too, would like to know where the ForwardEvent service is. All I've been able to find is someone saying to add collection permissions to get this to work. Personally, I think that's lazy and doesn't really solve the problem since there are unwanted security issues with that approach.

Notify Moderator
nmutter
14-Alexandrite
14-Alexandrite
(To:Ike@ACE)
‎Jul 31, 2023 05:33 PM
‎Jul 31, 2023 05:33 PM

The PersistentSessions things may come from Mashups which have a GetProperties service call with "Automatically update..".

 

I am not sure why the permission is missing and if it is "correct" to add it. But this would add it:

  • The "PersistentSession"-things are created with ThingTemplate 'BrowserGateway'. You may want to look at the Runtime Instance permissions of it.
  • To add the "ForwadEvent" ServiceInvoke permissions you need to do this via service call executing 'AddInstanceRunTimePermission' on the ThingTemplate with parameters
type: "ServiceInvoke"
resource: "ForwardEvent"
principal: "<username/groupname>"
principalType: "<User/Group>"
allow: true

I forgot how PTC named such services but they exist but are not shown in Composer services list. You can see them by visiting in browser e.g.:

https://TWXHOST/Thingworx/ThingTemplates/BrowserGateway/ServiceDefinitions/

and call them via a twx-service.

0 Kudos
Notify Moderator
Ike@ACE
13-Aquamarine
13-Aquamarine
(To:nmutter)
‎Aug 08, 2023 04:26 PM
‎Aug 08, 2023 04:26 PM

When I tried to add that permission using a wrapper, I got an error that "'ForwardEvent' service doesn't exist". Also, the services list is both missing several of the services that I can see and the ForwardEvent service, so I'm not sure how accurate that list is.

0 Kudos
Notify Moderator
nmutter
14-Alexandrite
14-Alexandrite
(To:Ike@ACE)
‎Aug 09, 2023 03:27 AM
‎Aug 09, 2023 03:27 AM

You are correct. Sorry, seems that I did not validate this correctly.

The PersistentSession things (which cause the error) does show the service in the ServiceDefinition Url. So I must have assumed this service comes from the ThingTemplate it uses.

nmutter_0-1691565821938.png

But this is not the case as you noticed. Very weird.

 

Edit: At least a better workaround than giving "Collection"-ServiceInvoke permissions would be to add them only to the BrowserGateway-ThingTemplate (runtime serviceinvoke all). It is still not nice, but at least a lot more restrictive than collection level...

0 Kudos
Notify Moderator
CharlesJi
14-Alexandrite
14-Alexandrite
(To:EM_10066743)
‎Jul 20, 2023 12:32 AM
‎Jul 20, 2023 12:32 AM

Hi @EM_10066743 ,

Typically, the following permissions are required for adding the dynamic subscription:

  1. The user needs to have access to invoke the ForwardEvent service on the RemoteThing instance (BrowserGateway)

  2. Property Read permission on the property being subscribed to or all properties of the thing if a property name is not supplied.

  3. Visibility permission on the publisher thing.

And this article may also be helpful:

https://www.ptc.com/en/support/article/cs346816

Notify Moderator
wcui
14-Alexandrite
14-Alexandrite
(To:EM_10066743)
‎Jul 31, 2023 10:44 PM
‎Jul 31, 2023 10:44 PM

Can you confirm what operations will lead to those errors?

There are some permision management improvements since TW 8.5.

In order to find the root cause, we need to know the exact instance version and related operations first. 

0 Kudos
Notify Moderator
EM_10066743
7-Bedrock
7-Bedrock
(To:wcui)
‎Aug 09, 2023 02:46 AM
‎Aug 09, 2023 02:46 AM

For now the solutions provided do not fix the error messages , after the summer holiday i will get back to it

0 Kudos
Notify Moderator
Top Tags