• Register
    • Login
    • Search
    • Recent
    • Tags
    • Popular

    Please Note This forum exists for community support for the Mango product family and the Radix IoT Platform. Although Radix IoT employees participate in this forum from time to time, there is no guarantee of a response to anything posted here, nor can Radix IoT, LLC guarantee the accuracy of any information expressed or conveyed. Specific project questions from customers with active support contracts are asked to send requests to support@radixiot.com.

    Radix IoT Website Mango 3 Documentation Website Mango 4 Documentation Website

    User Permissions with client list.

    User help
    3
    9
    748
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      maurice last edited by

      Hello all,

      I've got two sites within the mango ecosystem.

      mydomain.mangoautomation.net
      And
      guid.mydomain.mangoautomation.net (Which is accessible from the "client list" tab of mydomain.mangoautomation.net )

      I created a user called "test" in both domains - and gave that person permissions of "user" and "testgroup"

      When I log into guid.mydomain.mangoautomation.net after signing in at mydomain.mangoautomation.net I get the following error:

      Proxy error 403
'test' does not hold the required role

      Ideally, I'd like the user "test" to sign in to mydomain.mangoautomation.net and get redirected to -> guid.mydomain.mangoautomation.net /Custom Page

      Thank you.

      M 1 Reply Last reply Reply Quote 0
      • M
        maurice @maurice last edited by

        A little more information: I went to the tab "AUTH TOKENS"

        Within the mydomain.mangoautomation.net - I can create the token.

        When I'm in the guid.mydomain.mangoautomation.net domain - I get the following error when I try to create the token. (Note, happens to all the users there).

        Failed to create authentication token: Access denied — org.springframework.security.access.AccessDeniedException: Must be authenticated via username and password

        1 Reply Last reply Reply Quote 0
        • M
          maurice last edited by

          More information -

          The autologin format via url parameters work in one case:

          https://mydomain.mangoautomation.net/ui/home?autoLoginUsername=publicuser&autoLoginPassword=publicpassword

          But in the case:

          https://guid.mydomain.mangoautomation.net/ui/home?autoLoginUsername=publicuser&autoLoginPassword=publicpassword

          I get the error:

          Proxy error 401

Not authenticated
          1 Reply Last reply Reply Quote 0
          • MattFox
            MattFox last edited by MattFox

            They are two completely different domains, it's like logging in to facebook and assuming you'd also be signed into linkedin because you successfully signed in to facebook.
            You need to login into the guid subdomain and store the xsrf token in order to be able access the system.
            That's what I see from first glance.

            EDIT:
            I take it your two domains are in fact two separate mango instances?

            Do not follow where the path may lead; go instead where there is no path.
            And leave a trail - Muriel Strode

            M 1 Reply Last reply Reply Quote 0
            • M
              maurice @MattFox last edited by

              @mattfox

              Hello Matt,

              Thank you for the response. In the two different domains, I've created the test user, in both. In the problematic guid.mycompany.mangoautomation.net when I access it - I am not redirected to the login screen of the second one.

              0_1579741427463_download-2.png

              Is there a better way to handle client lists? Maybe I could just push the data points from the guid to the primary and then get the user to login there?

              Regarding storing the xsrf - I am able to do this on the primary domain but it does not seem to work on the guid one.

              Thank you,
              Maurice

              1 Reply Last reply Reply Quote 0
              • MattFox
                MattFox last edited by

                I think before we jump too deep, give me an overview of what it is you're trying to do.
                What is the purpose of your client list?
                Publishers do allow you to move data between instances, to the point of having a central location then forwarding all data to this central location.
                I've got multiple on site ES units which talk back to my main cloud system and allow all respective clients to log in and view their data.

                Do not follow where the path may lead; go instead where there is no path.
                And leave a trail - Muriel Strode

                1 Reply Last reply Reply Quote 0
                • CraigWeb
                  CraigWeb last edited by

                  @maurice using publishers to push the data to your central server and copying your dashboards over to the central server will probably be the easiest. Cloud connect is then only used for changing configurations on your node. This is generally how most Mango networks are setup. As Mattfox said it would be helpfull to know what your end goal is. There are various options to sync users credentials, tokens and role restrictions on the servers proxy tab so If you can give a description of your goal I think @Jared-Wiltshire will be able to advise.

                  1 Reply Last reply Reply Quote 0
                  • M
                    maurice last edited by

                    Hello @MattFox and @CraigWeb

                    Thank you both for walking me through the best practices. I'm still learning the system.

                    Currently, we've got 1 client that we built a custom dashboard for. Shortly, I expect to install 2 more Mange devices. My goal is for the 3 clients with unrelated Mango devices to be restricted to viewing their own custom dashboards. I've done a small POC and the role restrictions on the central server accomplish the stated goal.

                    My initial thought was to create a user in the proxy server, but I'd much sooner use the standard Mango network setup and push the data to the central server - being a newbie I just did not realize that was the best practice. I suspect that design would also help me with the development of the custom dashboards as I could develop locally.

                    I will take a look at the https://help.infiniteautomation.com/configuring-publishers and configure publish the data to the central server. I will probably also be asking more questions on this forum.

                    Thanks again,
                    Maurice

                    1 Reply Last reply Reply Quote 0
                    • MattFox
                      MattFox last edited by

                      Look around the forums, there are numerous topics you can tap into. I have written a custom dashboard system so feel free to call on me if desired.
                      As for permissions, i strongly recommend a combination of them with datapoint tags.
                      Gives you a lot of freedom for your dashboard structure and behaviour.

                      Fox

                      Do not follow where the path may lead; go instead where there is no path.
                      And leave a trail - Muriel Strode

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post