Security for Audit Activities
Activities on a ThingWorx Platform take place in the context of a user, in particular the security context of a user. A user can be a person invoking a service on a Thing or it can be a ThingWorx Connection Server accessing the platform to deliver inbound messages from edge devices. Both of these users operate in a defined security context that consists of permissions assigned to the user. There are permissions for design time and run time.
 |
For information on auditing a switch in security context, see Auditing the Switching of Security Context .
|
Setting Permissions
There are two sets of permissions in ThingWorx, one for design time and one for run time. The design time permissions are for managing who is allowed to modify entities (create, read, update, and delete). Run time permissions determine who can access data, execute services, and trigger events on a Thing (including data tables, streams, and users).
Administrators can define explicit permissions for a user group, as well as exceptions that override these permissions. For example, you can restrict the permission to execute services, and then define a service override that allows a user to execute only one specific service. This flexibility allows fine-grained control over, for example, what thing properties, events, or services a certain user group is allowed to access. By default, only users in the Administrators group have full permissions to the components of the audit subsystem. Therefore, administrators need to grant non-administrator users the ability to invoke the services provided by the audit subsystem, using service overrides.
By default, users in the Administrators group have permissions to the following audit components:
• Audit subsystem, which is a system object that exposes the services, QueryAuditHistory, ArchiveAuditHistory, ExportAuditData, and PurgeAuditData.
• AuditArchiveFileRepository, which is the file repository of the audit subsystem that is used for the audit archives.
• AuditArchiveScheduler, which is a Scheduler thing that controls the automated archiving of audit entries.
• AuditPurgeScheduler, which is a Scheduler thing that controls the automated purging of audit entries.
• AuditArchiveCleanupScheduler, which schedules the clean-up of archived files.
• AuditArchiveCleanupNotificationScheduler, which sends reminder notifications of the clean-up.
The table below shows the permissions that may be granted to non-administrator users in a user group so that they may access these components. For permissions required for non-admin user groups to run the services of the audit subsystem, see the section below, Required Permissions for a Non-Admin to Run Audit Services.
 |
Be sure not to give non-admin users permission to edit objects at design time. For administrators, do not edit system objects at design time. If you edit them at design time, you risk losing any changes made during an upgrade.
|
|
Component
|
Permissions for a Non-Admin User Group
|
|---|---|
|
Audit Subsystem
|
To allow non-admin users and user groups to invoke the QueryAuditHistory, ArchiveAuditHistory, ExportAuditData, and PurgeAuditData services:
• Audit Subsystem — > .
• Audit Subsystem — > . Define a service override for each service that you want users in the group to be able to invoke and add a Service Execute for each service.
|
|
AuditArchiveFileRepository
|
Permissions for the AuditArchiveFileRepository of the audit subsystem, should NOT be granted to non-admin users or user groups.
|
|
AuditArchiveScheduler
|
Users in the Administrators group should have access to this scheduler Thing. The scheduler Thing has a property, called lastArchivedTime, that is updated after every successful run of an archive operation. While it is possible, this property should NEVER be updated by a user, admin or non-admin. For this reason (and others that your organization may have), it is recommended that non-admin users NOT be granted access to the scheduler.
|
|
AuditPurgeScheduler
|
Only users in the Administrators group should have access to this scheduler Thing. It is recommended that non-admin users NOT be granted access to this scheduler.
|
|
AuditArchiveCleanupScheduler
|
For non-admin users to execute the cleanup service:
• AuditArchiveCleanupScheduler— >
• AuditArchiveCleanupScheduler— > . Define a service override for this service ( Service Execute).
|
|
AuditArchiveCleanupNotificationScheduler
|
For non-admin users to execute the notification of cleanup service:
• AuditArchiveCleanupNotificationScheduler— >
• AuditArchiveCleanupNotificationScheduler— > . Define a service override for this service ( Service Execute).
|
Required Permissions for a Non-Admin to Run Audit Services
In general, to allow non-admin users in a user group to invoke services of the audit subsystem, a user group should be created and the following permissions should be granted to the user group:
• Audit Subsystem — Visibility permissions
• Audit Subsystem — Design time permissions — allow read
• Audit Subsystem Runtime permissions — Define a service override for each service that you want users in the group to be able to invoke, and allow service execute.
The following table lists the permissions that need to be granted to entities to allow a service to be invoked on them in the audit subsystem:
|
Service
|
Entity Type
|
Entity Name
|
Visibility
|
Design Time
|
Run-Time
|
|---|---|---|---|---|---|
|
QueryAuditHistory
|
Subsystem
|
AuditSubsystem
|
Yes
|
Read
|
Service: QueryAuditHistory - service execute
|
|
Data Shape
|
AuditHistory
|
Yes
|
Read
|
||
|
ArchiveAuditHistory
|
Subsystem
|
AuditSubsystem
|
Yes
|
Read
|
Service: ArchiveAuditHistory: Service execute
|
|
Thing
|
AuditArchiveScheduler
|
Yes
|
None
|
Property LastArchiveTime: Property read and property write
|
|
|
ExportAuditData
|
Subsystem
|
AuditSubsystem
|
Yes
|
Read
|
Service: ExportAuditData: Service execute
|
|
Thing
|
AuditArchiveScheduler
|
Yes
|
None
|
Property LastArchivedTime: Property read and property write
|
|
|
Thing
|
<user-created FileRepository>
|
Yes
|
None
|
All services: Service execute
|
|
|
PurgeAuditData
|
Subsystem
|
AuditSubsystem
|
Yes
|
Read
|
Service PurgeAuditData: Service execute
|
|
Thing
|
AuditPurgeScheduler
|
Yes
|
None
|
Property read and property write
|