User permissions

Hi All

I’m using DF V2.0-beta3. But I have some troubles to set the correct user rights.

What I did:

  1. I created a new role. I set access (only) to my service (SQL DB) for one component with POST access.
  2. Then I defined a new no storage app and assigned the new role as a default role.
  3. Then I created a new user with a (fake) email address and set the password manually. Under roles for my new app I selected my new role.

But I can’t use the service with this new user.

The error log shows this:

[Wed Oct 21 15:43:57.432136 2015] [:error] [pid 1388:tid 1092] [client xxx.xxx.xxx.xxx:xxxxx] REST Exception #401 > Unauthorized. User credentials did not match.

The access log shows this (first line is the successful call with my admin login, second line is the error):

xxx.xxx.xxx.xxx - xxx@xxx.xx [21/Oct/2015:15:43:53 +0200] "POST /api/v2/xxx/_proc/xxx HTTP/1.1" 200 146
xxx.xxx.xxx.xxx - yyy@xxx.xx [21/Oct/2015:15:43:57 +0200] "POST /api/v2/xxx/_proc/xxx HTTP/1.1" 401 7754

Which configuration did I mess up?

Reto E.

Have you assigned this user the role you created with respect to the app you created on the Roles tab under that User?

You’ll want to check the dreamfactory log to be sure (it’s in the storage/logs folder, /path/to/bitnami/htdocs/storage/logs if you used a Bitnami installer)

But my first inclination would be to check what call you are making.
Are you establish a session first (posting to /api/v2/user/session) and then using the returned token in your call?

If you can share all of your call to your service that will help troubleshoot (you can use placeholders for sensitive information, i.e. {password} for user’s password)

Yes. The User has the Role assigned under the correct app.

The Role has access to the Remote SQL DB Service for only the one stored procedure component with POST Access. No other Services are assigned. Are other Services necessary for the authentication?

I am trying to make the call with basic authentication.

I just installed Version 2.0.1-1. And now the request with Basic Authentication works like expected. Maybe it was a problem with the BETA or my particular installation of the BETA.

That makes sense. We resolved quite a few bugs between beta 3 and 2.0.1