Hello again,
I am searching for a possibility to change user rights within a task to create files in a folder under windows.
RoboTasks is working as a windows service
The situation is as follows:
For security reasons the user who runs RoboTask has limited rights and must not access folder 'xyz' on server 'abc'.
Another user (also limited rights) has the required rights to write files to folder 'xyz'.
In my task I want to change user rights temporary or fill the windows login information to get access to the destination folder 'xyz'.
Is that possible?
I already tried to use "Remote Task Connect" with the service on localhost. But it always says 'Can't connect to host (3)'.
Do I have to add 'User Rights' to the 'Network Server Settings' in 'Connection Manager'?
Kind regards,
Sebastian
Write files to folder with different user rights
Re: Write files to folder with different user rights
This means thatI already tried to use "Remote Task Connect" with the service on localhost. But it always says 'Can't connect to host (3)'.
- you specified incorrect parameters
- network server is not started in service for some reason
- maybe firewall is working, but firewall does not work on local connections
Oleg Yershov
Re: Write files to folder with different user rights
RoboTask inherits user permissions from user session.For security reasons the user who runs RoboTask has limited rights and must not access folder 'xyz' on server 'abc'.
Another user (also limited rights) has the required rights to write files to folder 'xyz'.
In my task I want to change user rights temporary or fill the windows login information to get access to the destination folder 'xyz'.
RoboTask service works under SYSTEM account by default and inherits SYSTEM permissions
I'm afraid that you can not change permissions "on-the-fly".
Oleg Yershov
Re: Write files to folder with different user rights
Ok, I did some more research and set up the user with special user rights to write into the folder in 'RoboTask Server Manager' => 'Network Server Parameters' => 'Edit internal list of users'.
Then I created a Task to create a text file in the folder.
Then I created another task and used 'Remote RoboTask Connect' and connected to the service.
The 'Test connection' returned 'Connection established'. So far it works.
But the next task 'Start Remote Task' gives me an error:
I can not find this plugin in 'Settings' => 'Plug-ins'.
Is my setup correct or did I miss something?
Then I created a Task to create a text file in the folder.
Then I created another task and used 'Remote RoboTask Connect' and connected to the service.
The 'Test connection' returned 'Connection established'. So far it works.
But the next task 'Start Remote Task' gives me an error:
- Screenshot 2022-07-07 091711.png (22.77 KiB) Viewed 2056 times
I can not find this plugin in 'Settings' => 'Plug-ins'.
Is my setup correct or did I miss something?
Re: Write files to folder with different user rights
Hm-m-m... This is a bug.
We'll investigate this and release a patch ASAP
We'll investigate this and release a patch ASAP
Oleg Yershov
Re: Write files to folder with different user rights
Download and install fresh copy: https://robotask.com/download/But the next task 'Start Remote Task' gives me an error:...
This bug has already been fixed.
Oleg Yershov
Re: Write files to folder with different user rights
I installed the new version and the problem does not exist anymore.
But the process I am testing does not solve my problem.
We have set up different user permissions for folders with SMB (Server Message Block).
So I need to define the user authentification (which is different to the user starting the service) within a task to get permissions to a specified folder.
It seems that there is no functionality to use SMB in RoboTask at the moment.
The only way I can figure out at the moment is that I start another RoboTask service on another server with other user permissions.
But this is really cumbersome.
But the process I am testing does not solve my problem.
We have set up different user permissions for folders with SMB (Server Message Block).
So I need to define the user authentification (which is different to the user starting the service) within a task to get permissions to a specified folder.
It seems that there is no functionality to use SMB in RoboTask at the moment.
The only way I can figure out at the moment is that I start another RoboTask service on another server with other user permissions.
But this is really cumbersome.
Re: Write files to folder with different user rights
You can not change user permissions (or application permissions) on-the-fly
I see two ways to solve you problem
1-s way
Give necessary permissions to user in order the task can do its job
2-nd way
run some task remotely on RoboTask instance which already have necessary permissions
This instance can be on remote computer or in separate session with necessary permissions.
Please note that both ways are almost the same: you give the necessary rights to the user directly or indirectly.
I see two ways to solve you problem
1-s way
Give necessary permissions to user in order the task can do its job
2-nd way
run some task remotely on RoboTask instance which already have necessary permissions
This instance can be on remote computer or in separate session with necessary permissions.
Please note that both ways are almost the same: you give the necessary rights to the user directly or indirectly.
Oleg Yershov
Re: Write files to folder with different user rights
With solution 1 the user starting RoboTask is getting more and more permissions if I want to implement more tasks.
I think this is a big security issue.
I think this is a big security issue.
What do you mean with 'separate session' in solution 2? I can not start RoboTask two times. And also the task 'Run program as' does not start RoboTask.
Re: Write files to folder with different user rights
Separate session is the separate session on this computer or on another computer/server with necessary permissionsWhat do you mean with 'separate session'...
Oleg Yershov