[IGN-3863] Gateway Scope doesn't satisfy tag editing permissions

Luke.Brockley · August 10, 2021, 9:21pm

I have an SFC that calls a project script that will create and delete certain tags automatically.
This was working fine until we decided to change the tag editing permissions for the tag provider for some unrelated tag security.
Now, the SFC will create the aforementioned tags but won’t delete them. The quality object returned on delete attempts is “Bad_AccessDenied(“Insufficient Edit Permissions”)”. I know the issue is with the tag provider’s tag edit permission roles, because when I remove them, it starts working again.

How is this possible? Aren’t the SFC’s run on the gateway? Doesn’t the Gateway not have ‘roles’? Shouldn’t it bypass any required edit roles?

I’m able to manually delete the tags in the designer/client, but I’d like to have them deleted programmatically while still maintaining edit security on the provider.

PGriffith · August 10, 2021, 9:25pm

Exactly what Ignition version is this?
Tag editing permissions went through some flux fairly recently; it’s possible this is either a fixed bug or an edge case we didn’t encounter in testing.

Luke.Brockley · August 10, 2021, 9:30pm

It’s 8.1.0

jspecht · August 10, 2021, 9:41pm

Which system.tag functions are you calling from your SFC / project script?

Luke.Brockley · August 10, 2021, 9:44pm

system.tag.deleteTags

jspecht · August 10, 2021, 10:39pm

Looks like a bug. I’ve filed a ticket internally. There is a workaround, though. Try using the legacy system.tag.removeTags(tagPaths) scripting function instead of the new system.tag.deleteTags(tagPaths). Looks like the legacy function does not have the same problem as the new one.

Luke.Brockley · August 11, 2021, 1:13pm

Yep, that worked. Thanks!