Skip to main content
Skip table of contents

Authorization

Note that this does not cover details on how authorization works. In order to get a full understanding of the concepts involved, please refer to the user documentation: WebTSM Services Authorization

Introduction

All successfully authenticated clients may access the service as well as read and write data from any configured repository by default. Deleting data is not allowed by default.

Changing the default permissions is possible by setting up custom authorization rules.

Configuring Authorization Rules

In order to add new authorization rules or change existing rules it is necessary to be the owner of any rule or respectively the owner of the rule that is to be changed or deleted.

When setting up authorization rules this behaviour may not always be practical. To circumvent this restriction the following HAKOM.Config setting may be used:

XML 
<HAKOMConfiguration>
    <products>
        <WebTSMServices>
            <Authorization>
                <DisableOwnerCheck>true</DisableOwnerCheck> <!-- Default: false -->
            </Authorization>
        </WebTSMServices>
    </products>
</HAKOMConfiguration>

With this setting configured as "true" the WebTSM Services will not check for ownership of rules when a user tries to add, change or delete authorization rules, allowing for unrestricted modification of authorization rules. Since this configuration effectively gives admin rights to all users, caution is advised when enabling the setting. By default the setting is configured as "false".

Disabling the owner check provides the following benefits:

  • Easy initial setup of authorization rules
  • Authorization rules with owner "Unknown" can be changed via the WebTSM Services; no specific database scripts are necessary
  • Fail-safe in case of accidentally locking out the owner of a rule
  • Easy cleanup of any rules, including rules with invalid ownership claims

Authorization Rule Caching

Authorization rules, i.e. whether a user may delete time series, etc, are retrieved from the database. In order to improve performance, these rules may be cached locally. The following settings are available for configuring the cache:

XML 
<HAKOMConfiguration>
	<products>
		<WebTSMServices>
			<Caching>
				<Expiration>00:01:00</Expiration> <!-- Default: 01:00:00 one hour -->
				<Enabled>true</Enabled> <!-- Default: true -->
			</Caching>
		</WebTSMServices>
	</products>
</HAKOMConfiguration>
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close