User Permissions with client list.
I've got two sites within the mango ecosystem.
I created a user called "test" in both domains - and gave that person permissions of "user" and "testgroup".
Proxy error 403 'test' does not hold the required role
A little more information: I went to the tab "AUTH TOKENS"
Within the mydomain.mangoautomation.net - I can create the token.
When I'm in the guid.mydomain.mangoautomation.net domain - I get the following error when I try to create the token. (Note, happens to all the users there).
Failed to create authentication token: Access denied — org.springframework.security.access.AccessDeniedException: Must be authenticated via username and password
More information -
The autologin format via URL parameters works in one case:
But in the case:
I get the error:
Proxy error 401 Not authenticated
MattFox
They are two completely different domains; it's like logging in to Facebook and assuming you'd also be signed into LinkedIn because you successfully signed in to Facebook.
You need to log in to the guid subdomain and store the XSRF token in order to be able to access the system.
That's what I see from first glance.
I take it your two domains are in fact two separate mango instances?
Thank you for the response. In the two different domains, I've created the test user, in both. In the problematic guid.mycompany.mangoautomation.net when I access it - I am not redirected to the login screen of the second one.
Is there a better way to handle client lists? Maybe I could just push the data points from the guid to the primary and then get the user to login there?
Regarding storing the xsrf - I am able to do this on the primary domain but it does not seem to work on the guid one.
MattFox
I think before we jump too deep, give me an overview of what it is you're trying to do.
What is the purpose of your client list?
Publishers do allow you to move data between instances, to the point of having a central location then forwarding all data to this central location.
I've got multiple on site ES units which talk back to my main cloud system and allow all respective clients to log in and view their data.
CraigWeb
@maurice using publishers to push the data to your central server and copying your dashboards over to the central server will probably be the easiest. Cloud connect is then only used for changing configurations on your node. This is generally how most Mango networks are set up. As MattFox said, it would be helpful to know what your end goal is. There are various options to sync users' credentials, tokens and role restrictions on the server's proxy tab, so if you can give a description of your goal I think @Jared-Wiltshire will be able to advise.
Thank you both for walking me through the best practices. I'm still learning the system.
Currently, we've got 1 client that we built a custom dashboard for. Shortly, I expect to install 2 more Mango devices. My goal is for the 3 clients with unrelated Mango devices to be restricted to viewing their own custom dashboards. I've done a small POC and the role restrictions on the central server accomplish the stated goal.
My initial thought was to create a user in the proxy server, but I'd much sooner use the standard Mango network setup and push the data to the central server - being a newbie I just did not realize that was the best practice. I suspect that design would also help me with the development of the custom dashboards as I could develop locally.
I will take a look at https://help.infiniteautomation.com/configuring-publishers and configure publishing the data to the central server. I will probably also be asking more questions on this forum.
MattFox
Look around the forums, there are numerous topics you can tap into. I have written a custom dashboard system so feel free to call on me if desired.
As for permissions, I strongly recommend a combination of them with datapoint tags.
Gives you a lot of freedom for your dashboard structure and behaviour.