I have the gateway set up so that only a user with an administrator role can access the config page. Then at some point I had the great idea that “Admin” is much shorter to type than “Administrator” when checking roles, so I changed the role name. Of course, this meant that immediately, there were no users with the Administrator role, and thus I was locked out of the gateway configuration.
The only way I managed to recover from this was to create a vision window in the designer session I (fortunately) already had open, add a user management component to it, test the display, and use the component to add a new Administrator role, and assign it to a user.
Again, total user error on my part, but if I hadn’t had a designer session open this could have been a really big problem.
I’m not sure what the solution to this would be, seeing as obviously it would be a huge security hole to just allow you to break into the configuration without the required role - but perhaps there could be some method of ensuring that you can’t remove/modify a user role if it’s in use in such a critical way?
I had thought of this, but as your post implied, there's no GCU on v8 (yet, at least. Is it planned?)
Although, as I recall, the GCU just allowed you to reset passwords, correct? Would it have helped in this instance where I knew the password, but there were just no passwords with the correct role required to access the gateway configuration? Or, more precisely, because the role required for gateway configuration access didn't exist?
The GCU as it was in 7.9 won’t come back, the shell and batch scripts have all the same functionality. I think you still needed to do the reset, even though you knew the password.
Yes - the reset makes the system go through the commissioning process again, which will both create/reset the password of whatever user your specify, and set it as the system user source/gateway config role.