导入 9.2 + 中的实体
得益于 ThingWorx 权限和安全模型的改进,ThingWorx 9.2.0 及更高版本中对权限的存储方式进行了重大更改。这些改进会影响将实体从较旧版本导入 ThingWorx 9.2.0 及更高版本的过程。在 ThingWorx 9.2.0 之前,可使用尚未导入平台的承担者 (用户、用户组、组织和组织单位) 导入具有权限的实体;承担者可于稍后导入。在 9.2.0 及更高版本中,如果实体具有权限且其权限引用了当前不在平台中或不属于同一导入文件的主体,则此类实体将丢失所分配的权限。
具体而言,由于缺少以下承担者情景,当将实体从较旧版本导入到 Thingworx 9.2.0 及更高版本时可能会导致失败:
• 已删除的承担者仍存在于与实体一起保存的权限 JSON 中。
• 导入的实体具有当前不在系统中但将在稍后导入的有效承担者。
为避免导致上述失败,必须首先导入实体导出中所引用的全部用户、用户组和组织 (Principals.xml),然后再导入实体 (Entities.xml)。这样可确保在导入其权限引用了这些承担者的实体之前,平台中存在用户、用户组、组织单位和组织。通过将用户、用户组和组织导出合并为单个文件来获取 principals.xml 文件。
 |
如果在导入 Principals.xml 前错误地导入了 Entities.xml,则可在导入 Principals.xml 后重新导入 Entities.xml 以将权限应用至实体。
|
在同一 XML 文件中组合实体和承担者
也可在同一导入文件中组合实体和承担者。无需保持同一导入文件中的顺序,因为平台将在导入任何其他实体前导入承担者。例如,以下 AllEntities.xml 可在 9.2.0 及更高版本中正常工作:
//AllEntities.xml
<Entities build="latest" majorVersion="0" minorVersion="0"
revision="0" schemaVersion="940">
<Things>
<Thing effectiveThingPackage="ConfiguredThing" enabled="true" homeMashup=""
identifier="" lastModifiedDate="2017-04-10T14:15:07.346-04:00" name="TestThing-WithPermissions"
projectName="" published="false" tags=""
thingTemplate="GenericThing" valueStream="">
<Owner name="Administrator" type="User" />
<avatar />
<DesignTimePermissions>
<Create />
<Read />
<Update />
<Delete />
<Metadata />
</DesignTimePermissions>
<RunTimePermissions>
<Permissions resourceName="*">
<PropertyRead />
<PropertyWrite />
<ServiceInvoke>
<Principal isPermitted="true" name="New-TestUser"
type="User" />
</ServiceInvoke>
<EventInvoke />
<EventSubscribe />
</Permissions>
</RunTimePermissions>
<VisibilityPermissions>
<Visibility>
<Principal isPermitted="true" name="New-TestOrg"
type="Organization" />
</Visibility>
</VisibilityPermissions>
<ConfigurationTables />
<ConfigurationChanges />
</Thing>
</Things>
<Users>
<User description="" documentationContent="" enabled="true" name="New-TestUser" projectName="" tags="">
<avatar />
<DesignTimePermissions>
<Create />
<Read />
<Update />
<Delete />
<Metadata />
</DesignTimePermissions>
<RunTimePermissions />
<VisibilityPermissions />
</User>
</Users>
<Organizations>
<Organization description="Organization for Visibility Permissios tests"
name="New-SystemOrg" projectName="" tags="">
<avatar />
<DesignTimePermissions>
<Create />
<Read />
<Update />
<Delete />
<Metadata />
</DesignTimePermissions>
<RunTimePermissions />
<VisibilityPermissions>
<Visibility />
</VisibilityPermissions>
<ConfigurationTables />
<loginImage />
<Connections>
<Connection from="" to="New-SystemOrgUnit" />
</Connections>
<OrganizationalUnits>
<OrganizationalUnit description="top of the food chain"
name="New-SystemOrgUnit">
<Members>
<Members>
<Member name="System" type="User" />
</Members>
</Members>
</OrganizationalUnit>
</OrganizationalUnits>
</Organization>
<Organization name="New-TestOrg" projectName="" tags="">
<avatar />
<DesignTimePermissions>
<Create />
<Read />
<Update />
<Delete />
<Metadata />
</DesignTimePermissions>
<RunTimePermissions />
<VisibilityPermissions>
<Visibility />
</VisibilityPermissions>
<ConfigurationTables />
<loginImage />
<Connections>
<Connection from="" to="New-TestOrgUnit" />
</Connections>
<OrganizationalUnits>
<OrganizationalUnit description=""
name="New-TestOrgUnit">
<Members>
<Members>
<Member name="New-TestUser" type="User" />
</Members>
</Members>
</OrganizationalUnit>
</OrganizationalUnits>
<ConfigurationChanges>
</ConfigurationChanges>
</Organization>
</Organizations>
<Menus />
<Resources />
<DataTags />
<ThingShapes />
<Subsystems />
</Entities>
<Entities build="latest" majorVersion="0" minorVersion="0"
revision="0" schemaVersion="940">
<Things>
<Thing effectiveThingPackage="ConfiguredThing" enabled="true" homeMashup=""
identifier="" lastModifiedDate="2017-04-10T14:15:07.346-04:00" name="TestThing-WithPermissions"
projectName="" published="false" tags=""
thingTemplate="GenericThing" valueStream="">
<Owner name="Administrator" type="User" />
<avatar />
<DesignTimePermissions>
<Create />
<Read />
<Update />
<Delete />
<Metadata />
</DesignTimePermissions>
<RunTimePermissions>
<Permissions resourceName="*">
<PropertyRead />
<PropertyWrite />
<ServiceInvoke>
<Principal isPermitted="true" name="New-TestUser"
type="User" />
</ServiceInvoke>
<EventInvoke />
<EventSubscribe />
</Permissions>
</RunTimePermissions>
<VisibilityPermissions>
<Visibility>
<Principal isPermitted="true" name="New-TestOrg"
type="Organization" />
</Visibility>
</VisibilityPermissions>
<ConfigurationTables />
<ConfigurationChanges />
</Thing>
</Things>
<Users>
<User description="" documentationContent="" enabled="true" name="New-TestUser" projectName="" tags="">
<avatar />
<DesignTimePermissions>
<Create />
<Read />
<Update />
<Delete />
<Metadata />
</DesignTimePermissions>
<RunTimePermissions />
<VisibilityPermissions />
</User>
</Users>
<Organizations>
<Organization description="Organization for Visibility Permissios tests"
name="New-SystemOrg" projectName="" tags="">
<avatar />
<DesignTimePermissions>
<Create />
<Read />
<Update />
<Delete />
<Metadata />
</DesignTimePermissions>
<RunTimePermissions />
<VisibilityPermissions>
<Visibility />
</VisibilityPermissions>
<ConfigurationTables />
<loginImage />
<Connections>
<Connection from="" to="New-SystemOrgUnit" />
</Connections>
<OrganizationalUnits>
<OrganizationalUnit description="top of the food chain"
name="New-SystemOrgUnit">
<Members>
<Members>
<Member name="System" type="User" />
</Members>
</Members>
</OrganizationalUnit>
</OrganizationalUnits>
</Organization>
<Organization name="New-TestOrg" projectName="" tags="">
<avatar />
<DesignTimePermissions>
<Create />
<Read />
<Update />
<Delete />
<Metadata />
</DesignTimePermissions>
<RunTimePermissions />
<VisibilityPermissions>
<Visibility />
</VisibilityPermissions>
<ConfigurationTables />
<loginImage />
<Connections>
<Connection from="" to="New-TestOrgUnit" />
</Connections>
<OrganizationalUnits>
<OrganizationalUnit description=""
name="New-TestOrgUnit">
<Members>
<Members>
<Member name="New-TestUser" type="User" />
</Members>
</Members>
</OrganizationalUnit>
</OrganizationalUnits>
<ConfigurationChanges>
</ConfigurationChanges>
</Organization>
</Organizations>
<Menus />
<Resources />
<DataTags />
<ThingShapes />
<Subsystems />
</Entities>
缺少承担者错误
从低于 9.2.0 版本平台中导出的实体可能包含平台中不再支持的承担者 (用户、用户组、组织和组织单位)。导入这些实体后,安全日志中可能会出现“缺少承担者”警告消息。请以管理员身份检查日志并确保缺少的承担者确实为已删除承担者且未忽略或跳过任何合法权限。
|
|
管理员必须检查日志并添加由于缺少承担者而跳过或忽略的合法权限。
|
|
|
即使警告日志消息中显示了具有拒绝、允许或继承访问权限的已删除承担者,用户、用户组和组织权限也会被移除。无论何时在平台上重新创建用户、用户组或组织,权限的分配都将根据集合权限进行 (除非另行指定)。确保无论何时将用户、用户组或组织添加至系统,均以手动方式分配拒绝、允许和继承权限。
|