• Recent
    • Tags
    • Popular
    • Register
    • Login

    Please Note This forum exists for community support for the Mango product family and the Radix IoT Platform. Although Radix IoT employees participate in this forum from time to time, there is no guarantee of a response to anything posted here, nor can Radix IoT, LLC guarantee the accuracy of any information expressed or conveyed. Specific project questions from customers with active support contracts are asked to send requests to support@radixiot.com.

    Radix IoT Website Mango 4 Documentation Website Mango 5 Documentation Website Radix IoT LinkedIn

    API permissions - User who has permission on DataSource cannot create Datapoint to that source.

    Scheduled Pinned Locked Moved User help
    14 Posts 2 Posters 5.1k Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B Offline
      Balistar
      last edited by

      A attempt will be awarded a 422 http code. "Must retain permission". Not a 401 "Not Authorized". So perhaps I am missing something.

      I am not sure if this makes sense. If the admin chooses to give a user edit access to a DataSource, it seems logical that that user should also be able to create DataPoints. If the admin is concerned with DataSource security, the admin should not give the user edit permission to the DataSource, but only to DataPoints.

      1 Reply Last reply Reply Quote 0
      • MattFoxM Offline
        MattFox
        last edited by

        What version of mango are you using?
        I've got users who have edit access to virtual datasources and are able to create their own points/save tags etc on the fly.

        Fox

        Do not follow where the path may lead; go instead where there is no path.
        And leave a trail - Muriel Strode

        1 Reply Last reply Reply Quote 0
        • B Offline
          Balistar
          last edited by

          Fox. Running Core 3.7.3.

          Admin creates new USER. Admin creates DataSource and gives READ and WRITE access to new user ONLY for that DataPoint.

          New USER can EDIT DataSource, but cannot create DataPoints .Both through GUI and API with JWT.

          Once Admin Creates a new DataPoint for that DataSource new user can edit that DataPoint.

          The intent of Permission to a DataSource works correctly after Admin has created one and assigned read/write permissions for that DataSource to a User, that User has edit/set ability to all DataPoints of that DataSource without that user having explicit read/write permission to those DataPoints. I guess permission inheritance works for this.

          MattFoxM 1 Reply Last reply Reply Quote 0
          • MattFoxM Offline
            MattFox @Balistar
            last edited by

            @balistar Correct, you need edit permissions for a Datasource for a user because what they are doing is amending the datasource in the order of its points. The read/edit permissions for points more directly relate to point values rather than amending the points themselves.

            Do not follow where the path may lead; go instead where there is no path.
            And leave a trail - Muriel Strode

            1 Reply Last reply Reply Quote 0
            • B Offline
              Balistar
              last edited by

              Thanks for your fast response.

              I am probably missing something.

              New DataSource created by Admin. User (emon3175585) given permission to edit the DataSource.

              0_1581985065225_Image 127.jpg

              Yet, when user (emon3175585) logs in, the user cannot create new DataPoint.

              0_1581985190960_Image 128.jpg

              MattFoxM 1 Reply Last reply Reply Quote 0
              • MattFoxM Offline
                MattFox @Balistar
                last edited by MattFox

                @balistar said in API permissions - User who has permission on DataSource cannot create Datapoint to that source.:

                emon3175585

                Your user emon3175585
                must have permission emon3175585 assigned to it for it to work.

                Fox

                Do not follow where the path may lead; go instead where there is no path.
                And leave a trail - Muriel Strode

                1 Reply Last reply Reply Quote 0
                • B Offline
                  Balistar
                  last edited by

                  Naturally. But that was set already:

                  0_1581992332387_Image 129.jpg

                  1 Reply Last reply Reply Quote 0
                  • MattFoxM Offline
                    MattFox
                    last edited by

                    Strange the lack of role would explain the error...
                    console is still giving you the same exact error??

                    Do not follow where the path may lead; go instead where there is no path.
                    And leave a trail - Muriel Strode

                    1 Reply Last reply Reply Quote 0
                    • B Offline
                      Balistar
                      last edited by Balistar

                      There is no console error because there is no SAVE button to press.

                      Using the API with JWT issued to user emon3175585:

                      curl --location --request POST 'http://xx.xx.xx.xx:8080/rest/v2/data-points' \
                      --header 'Content-Type: application/json' \
                      --header 'Authorization: Bearer eyJhbGciOiJFUzUxMiJ9.eyJzdWIiOiJlbW9uMzE3NTU4NSIsImV4cCI6MTU4MTk5NjgxMywiaWQiOjQsInYiOjEsInR5cCI6ImF1dGgifQ.AClqeOT6yAQCjGMYfXaMlDVgAcVOftGy3TSCrjxWat-Iz2yFut5nP4wntnE1xas3VtieFbxVwffbhmXwngPhHi8VAEFPPoaCD11unJ5_VTVWJkwnx73Eq8L2sbI9abLVM_CXXXXXXXXXXXXXX' \
                      --data-raw '{
                        "name": "test12-test2",
                        "xid": "test12-test2",
                        "dataSourceXid" : "test12",
                        "pointLocator" : {
                             "startValue" : "0",
                             "modelType" : "PL.VIRTUAL",
                             "dataType" : "NUMERIC",
                             "settable" : true,
                             "changeType" : "NO_CHANGE",
                             "max": 100,
                             "maxChange": 0.01,
                             "min": 0
                          }
                      }'
                      

                      Results in error: 422 Unprocessable Entity

                      {
                        "result": {
                          "messages": [
                            {
                              "level": "ERROR",
                              "message": "Must retain permission",
                              "property": "readPermission"
                            },
                            {
                              "level": "ERROR",
                              "message": "Must retain permission",
                              "property": "setPermission"
                            }
                          ]
                        },
                        "mangoStatusCode": 4002,
                        "mangoStatusName": "VALIDATION_FAILED",
                        "localizedMessage": "Validation failed"
                      }
                      
                      1 Reply Last reply Reply Quote 0
                      • MattFoxM Offline
                        MattFox
                        last edited by MattFox

                        I see now, I think you're missing properties!
                        If you go to the swagger ui and pull a point by it's xid for an example, use that as a foundation and make your amendments, then fire that back in.
                        EDIT: at least add your user to have read only permission or else it cannot pull it through,

                        Fox

                        Do not follow where the path may lead; go instead where there is no path.
                        And leave a trail - Muriel Strode

                        1 Reply Last reply Reply Quote 0
                        • B Offline
                          Balistar
                          last edited by

                          Thanks. My goal is to keep the API request JSON as small as possible, so I omitted as much as possible to the POST request to create a DP. Too much.

                          You are right.

                            "readPermission":"emon3175585",
                            "setPermission":"emon3175585",
                          

                          needed to be added.

                          {
                            "name": "test12-test2",
                            "xid": "test12-test2",
                            "dataSourceXid" : "test12",
                            "readPermission":"emon3175585",
                            "setPermission":"emon3175585",
                            "pointLocator" : {
                                 "startValue" : "0",
                                 "modelType" : "PL.VIRTUAL",
                                 "dataType" : "NUMERIC",
                                 "settable" : true,
                                 "changeType" : "NO_CHANGE",
                                 "max": 100,
                                 "maxChange": 0.01,
                                 "min": 0
                              }
                          }
                          

                          My concern is the API, so that is solved.

                          The GUI DP creation permission may still have a problem as there is no SAVE button.

                          1 Reply Last reply Reply Quote 0
                          • MattFoxM Offline
                            MattFox
                            last edited by MattFox

                            Save is a private call inside mango's mangoUI.
                            You may as well use a controller, create a new point instance from the maPoint service, amend all of the values you need, then call

                            myNewPoint.$save(); //this is a post call
                            

                            For amendments use

                            myNewPoint.$update(); //this is a put call
                            

                            Attach those function calls to your own buttons, unless you're saying you're still having issues with the UI....

                            Do not follow where the path may lead; go instead where there is no path.
                            And leave a trail - Muriel Strode

                            1 Reply Last reply Reply Quote 0
                            • B Offline
                              Balistar
                              last edited by

                              No need for MangoUI other than now and then do Admin stuff, We use our own Dashboards.

                              0_1581995259249_Image 130.jpg

                              The API will be used in device on-boarding. Admin creates User, JWT, DataSource (device). Sets new user role to DataSource. This info will be set in device, which creates its own DataPoints (15 to 50) and uploads measuring data to the system from then on.

                              The JWT is not ideal from a security stand point, but good enough got us at the moment.

                              0_1581995701589_Image 131.jpg

                              1 Reply Last reply Reply Quote 0
                              • MattFoxM Offline
                                MattFox
                                last edited by

                                Looks like you've got it sorted, nicely done.

                                Do not follow where the path may lead; go instead where there is no path.
                                And leave a trail - Muriel Strode

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post