[IGN-3863] Gateway Scope doesn't satisfy tag editing permissions

I have an SFC that calls a project script that will create and delete certain tags automatically.
This was working fine until we decided to change the tag editing permissions for the tag provider for some unrelated tag security.
Now, the SFC will create the aforementioned tags but won’t delete them. The quality object returned on delete attempts is “Bad_AccessDenied(“Insufficient Edit Permissions”)”. I know the issue is with the tag provider’s tag edit permission roles, because when I remove them, it starts working again.

How is this possible? Aren’t the SFC’s run on the gateway? Doesn’t the Gateway not have ‘roles’? Shouldn’t it bypass any required edit roles?

I’m able to manually delete the tags in the designer/client, but I’d like to have them deleted programmatically while still maintaining edit security on the provider.

Exactly what Ignition version is this?
Tag editing permissions went through some flux fairly recently; it’s possible this is either a fixed bug or an edge case we didn’t encounter in testing.

It’s 8.1.0

Which system.tag functions are you calling from your SFC / project script?


Looks like a bug. I’ve filed a ticket internally. There is a workaround, though. Try using the legacy system.tag.removeTags(tagPaths) scripting function instead of the new system.tag.deleteTags(tagPaths). Looks like the legacy function does not have the same problem as the new one.

1 Like

Yep, that worked. Thanks!

1 Like