Thingsboard: Customer Unable to Update Attributes

Created on 18 May 2019 · 18 Comments · Source: thingsboard/thingsboard

Hi there,

So I have been trying to get this to work for quite some time now without any success. The problem I'm having has to do with updating attributes from a Customer's Dashboard. I have assigned the device whose attributes I would like to change and a Dashboard to make the changes to the Customer.

If I log in to my tenant account I am able to successfully update the attributes either through the "Device Attributes" window, or through the Dashboard I have set up with an "Update Shared String Attribute" widget. This is one of the system widgets. However, when I log in to the customer's account and follow the exact same process, the update fails. This is the case for any type of attribute I have tried (Integer, Boolean, String, etc.). I am using the latest version of Thingsboard at the time of posting - 2.3.1.

I have a few images to help explain my problem:

Customer Dashboard:

Tenant Dashboard (Same Dashboard)

Attempt to Delete attribute using Customer Login JWT

Requesting attributes works using customer JWT

Successfully able to Delete attribute using Tenant Login JWT

The error I receive from Google Chrome console when using Customer Login

I'm not sure if there are additional rules I need to add to the rule chain to get this to work. I'm currently using the default rule chain with no changes. It seems like the customer does not have permission to change the device's attributes, but I am unsure how to go about giving the customer permission.

I would really appreciate any help with this.

Thanks

All 18 comments

Hello, this is also reported in #1547.
Starting from thingsboard 2.3.0, the backend doesn't allow attribute creation/write from customer users anymore due to usage of a new permission/security engine.
If you need to unlock it, you must change the customer user permissions list in the backend source code.

Thank you for pointing me to that Issue. That narrows things down a bit and gives me some sort of direction. Out of interest, would you be able to suggest a way in which one could have device settings that a customer can change from their dashboard, and the device can pull this information and be notified (Subscribe) of any changes made by the customer? Would I need to use the RPC interface?

I have the same issue. It is very useful for the customer user to have the ability to write the shared attributes.

In thingsboard PE, is it possible to assign this level of permission to a customer user?

@Tasosgi I'm not entirely sure if it is possible in the Thingsboard PE, but I agree with you that allowing Customers to update shared attributes is a very useful feature to have. My temporary fix for the time being has been to go back to using Thingsboard v2.2 where this is possible. I have been unsuccessful in getting this to work in v2.3.1 by editing the backend source code. I'm still working on getting the source code to build without any errors on a Linux system.

Did anyone try using the RPC command or RESTful requests?

@kevz93 I haven't tried using RPC commands to achieve this, but RESTful requests hit the same barrier if you use customer user authentication.

Does anyone know exactly where in the backend source code the customer/user permissions are? I also need the ability for a customer to update a shared attribute.

The following change in file CustomerUserPermissions.java resolves this issue:

put(Resource.DEVICE, TenantAdminPermissions.tenantEntityPermissionChecker);

Any insight from Thingsboard developers on this issue?
Not allowing customers to change attributes limits the functionality a lot, and renders some of the widgets useless.

> The following change in file CustomerUserPermissions.java resolves this issue:
>
> put(Resource.DEVICE, TenantAdminPermissions.tenantEntityPermissionChecker);

Where is this file typically located?

In the thingsboard source code, the file is located in path:
application/src/main/java/org/thingsboard/server/service/security/permission/

> application/src/main/java/org/thingsboard/server/service/security/permission/

Yeah, I found the java file on the Github page, but couldn't find it on my debian system. (local installation, postgres edition)

Any update on this issue?

Add

Operation.WRITE_ATTRIBUTES

to

customerEntityPermissionChecker,
customerPermissionChecker,
customerDashboardPermissionChecker

in file https://github.com/thingsboard/thingsboard/blob/master/application/src/main/java/org/thingsboard/server/service/security/permission/PermissionChecker.java

Ex: private static final PermissionChecker customerDashboardPermissionChecker =
new PermissionChecker.GenericPermissionChecker(Operation.READ, Operation.READ_ATTRIBUTES,Operation.WRITE_ATTRIBUTES, Operation.READ_TELEMETRY) {

You have to build thingsboard from source.
I tested on ubuntu 18.04.
Good luck
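
Added example, not part of the thread and not ThingsBoard's own code: a simplified Java model (Java 16+) comparing the two changes proposed above, replacing the DEVICE checker with the tenant checker versus adding Operation.WRITE_ATTRIBUTES to the customer checker's allow-list. The checker bodies, the User/Device records and the sample IDs are assumptions made for illustration; compare them with the real classes in the permission package before relying on the result.

```java
import java.util.EnumSet;
import java.util.Set;

// Simplified model for illustration. Names mirror the thread; bodies are assumptions.
public class CustomerPermissionModel {
    enum Operation { READ, READ_ATTRIBUTES, WRITE_ATTRIBUTES, READ_TELEMETRY, DELETE }

    record User(String tenantId, String customerId) {}
    record Device(String tenantId, String customerId) {}

    interface PermissionChecker {
        boolean hasPermission(User user, Operation op, Device device);
    }

    // Assumed tenant-style check: same tenant is enough, for any operation.
    static final PermissionChecker tenantEntityPermissionChecker =
            (user, op, device) -> user.tenantId().equals(device.tenantId());

    // Assumed customer-style check: operation allow-list, same tenant,
    // and the device must be assigned to the user's own customer.
    static PermissionChecker customerChecker(Set<Operation> allowed) {
        return (user, op, device) -> allowed.contains(op)
                && user.tenantId().equals(device.tenantId())
                && user.customerId().equals(device.customerId());
    }

    static void report(String name, PermissionChecker c, User u, Device own, Device other) {
        System.out.printf("%-30s write own=%b, write other customer's=%b, delete own=%b%n", name,
                c.hasPermission(u, Operation.WRITE_ATTRIBUTES, own),
                c.hasPermission(u, Operation.WRITE_ATTRIBUTES, other),
                c.hasPermission(u, Operation.DELETE, own));
    }

    public static void main(String[] args) {
        // Constructed sample identities, not real ThingsBoard IDs.
        User customerUser = new User("tenant-1", "customer-A");
        Device own = new Device("tenant-1", "customer-A");
        Device other = new Device("tenant-1", "customer-B");

        PermissionChecker stock = customerChecker(EnumSet.of(
                Operation.READ, Operation.READ_ATTRIBUTES, Operation.READ_TELEMETRY));
        PermissionChecker withWrite = customerChecker(EnumSet.of(Operation.READ,
                Operation.READ_ATTRIBUTES, Operation.WRITE_ATTRIBUTES, Operation.READ_TELEMETRY));

        report("stock customer checker", stock, customerUser, own, other);
        report("allow-list + WRITE_ATTRIBUTES", withWrite, customerUser, own, other);
        report("tenant checker on DEVICE", tenantEntityPermissionChecker, customerUser, own, other);
    }
}
```

Under these assumptions, the allow-list change enables attribute writes only on devices assigned to the user's own customer, while the tenant-checker swap also passes writes to another customer's device and operations such as DELETE.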

This seems to be a deal breaker issue. Customer users should at the very least be able to add/edit shared attributes for customizing their devices. Rebuilding every update is going to be super impractical.

In my case, I would like to add attributes that make it possible for a client to set alarm setpoints on devices. In addition I need to store the endpoints for browser push notifications.

Any update on this? This seems to be a glaring problem if TB is to be used with customers who will need to be able to edit their device settings.
