holme-r
commented
5 months ago In OBUSPA v7, roles and permissions could only be configured using the register_controller_trust_cb vendor hook. In OBUSPA v8, we changed the code so that roles and permissions can also be dynamically configured by a USP Controller (using add/set etc), and the configuration is stored persistently in OBUSPA's DB. When making this change we tried hard to make things backwards compatible. Were you using the register_controller_trust_cb before, or relying on the default roles and permissions ? Also are you using trust store certificates to assign an InheritedRole or using an explicit AssignedRole for your controller, or just relying on the default configuration ? Please check that you have merged the changes from OBUSPA v8's vendor_defs.h into your vendor_defs.h. The whole section related to roles and permissions has changed. In particular look at the ROLE_FULL_ACCESS define. This is the instance number of the role which has full access. One possible cause of your issue is that this instance number does not match the role that has full access in the data model. If you can provide me with the output of 'obuspa -c get Device.LocalAgent.' on your OBUSPA v8 and also what's in your vendor_defs.h in the roles/permissions section, then I can probably help more.
CSalaza73
I am calling an asynchronous function call through our controller. We have a web UI controller that sends the json formatted operate command for an asynchronous function but each time we try to do something like IPPing() or DownloadDiagnostics(), we receive the message on our logs "CheckPathProperties: No permission to perform operation".
These operations worked under USP Agent 7.0 but we have run into the issue under 8.0 as we are testing before incorporating. Were there any changes within the core code that us as the "vendor" need to address when doing these calls?
When I try through the obuspa cli with -c operate "" command it works but not through an web ui controller.