search

thingsboard / thingsboard

Open-source IoT Platform - Device management, data collection, processing and visualization.
https://thingsboard.io
Apache License 2.0
17.21k stars 5.08k forks source link

Customer can't add asset by assetService #11490

Open BigNavid opened 2 weeks ago

BigNavid commented 2 weeks ago

Component

Description I'm attempting to add an asset using assetService. It works perfectly when I log in with a tenant account, but when I try to do the same with a customer account, the assetService returns a 403 error, indicating I don't have permission to perform this action. However, according to the swagger documentation for the saveAsset method, it should be "Available for users with 'TENANT_ADMIN' or 'CUSTOMER_USER' authority."

Here is the code for my custom action to save an asset:

let $injector = widgetContext.$scope.$injector;
let assetService = $injector.get(widgetContext.servicesMap
    .get('assetService'));

let asset = {
    name: "test product",
    type: "product"
};
assetService.saveAsset(asset).subscribe(
    (result) => {
        console.log(result);
    }
);
devaskim commented 2 weeks ago

If you are using CE version of TB, such limitation is by design. Tenant admins create and (un)assign device/asset, customer user use (or view) them.

sumin-denys commented 2 weeks ago

Hi @BigNavid,

As @devaskim said it is the expected behavior for ThinsBoard since the customer user has only read permission for Asset Type.

In case you are using ThingsBoard PE you can add permissions for customer user in the Security settings, so the user would be able to add Assets.

In order to do it you need to do the following:

  1. Log in to the Tenant administrator account.
  2. Go to Security > Roles in the sidebar.
  3. Find Customer user Role
  4. Add the next permissions:
Resource Operations
Asset Create / Read/Write
Asset Group Add to group / Create / Read / Write
Asset Profile Read
Customer Read

After all these steps you should be able to add Assets from the customer user.