[SmartThings Edge] Permissions differences among location members

Historically I have used a personal account name, let’s call it Graham, to do pretty much everything with SmartThings. However now I have a second device capable of running the SmartThings app I am increasingly moving towards using a second account, let’s call it Anidea, as the administrative account and trying to make my account just a user.

My Location is now owned by Anidea. Although both Graham and Anidea seem to be able to do most things pretty equally, only Anidea seems to be able to show the ‘Driver’ information in the SmartThings mobile app.

My CLI installation was authorised for Graham. It still seems to be able to do most things I want it to do, though I’ve only scratched the surface so far, and this includes using logcat with my main hub. However if I try to run logcat on my second hub (both are on the same Location) I get a 403 error. I don’t know why they should behave differently but they do.

If I instead use a PAT generated for Anidea, I can access logcat on the secondary hub without the 403 error. The interesting thing about that is that I am offered logging on the Virtual Devices V2 device driver, the one that the CLI and the app otherwise deny knowledge of.

My brain hurts @nayelyz


Hi, @orangebucket!

Let me see if I understand correctly, I created this table:

Graham account Anidea Account (Main)
Location member Location owner
Can do logcat in main Hub Q1, Q2
logcat in Hub 2:
- Can’t do using default Authentication
- Can do using PAT

Using PAT also shows the driver in the CLI prompt list - Q4

Now the doubts:
Q1 - So, both accounts can use the logcat command in the main Hub correctly, right?
Q2 - Which account did you use to install that Hub?
Q3 - You cannot use the logcat command with the Hub 2 only in the account “Graham” using the default authentication (browser page), in “Anidea” it works correctly. Is that correct?
Q4 - When using a PAT, you can see all the installed drivers in the Hub, not only the ones installed through the account in use like in the SmartThings app, correct?

Hello Nayely,

It is basically a two part issue.

  1. logcat has authentication issues on just one of my two hubs, with one of my two accounts. Which is ‘interesting’. UPDATE: This no longer seems to be the case. Both hubs now give 403 errors. This is at least consistent.

  2. The real meat in the sandwich is that ‘Hub 2’ has a driver installed and functional that somehow survived a deletion and reset of the hub. As far as the app and CLI are concerned the hub is not subscribed to the channel the driver comes from and the driver is not installed. If devices are installed using the driver, the app does not show the ‘Driver’ settings for them. However logcat knows it is there. That seems a smidgen odd, if not bonkers.

Q1) Yes that is correct. UPDATE: It WAS correct this morning. This evening Graham gives a 403 on both hubs.

Q2) As far as I am aware I used the Anidea account to install both hubs but I reserve the right to have picked up the wrong phone. As far as I can see there is no way for me to know after the event as they don’t seem to admit to having an ‘owner’.

Q3) I only have the one CLI installation. Graham gets a 403 with logcat from default authentication or PAT. I have only tried Anidea with PAT.

Q4) Not exactly.

Regardless of the account I use, and whether I use the CLI or the mobile app, all the indications are that my hub is only enrolled in two Edge channels (one of mine and the ST beta), and only has three Edge drivers installed (one of mine, Zigbee Button and Zigbee Switch). This is what I would expect.

These are the drivers that are installed according to the CLI (boring bits removed)

st edge:drivers:installed --hub=1 --token={{PAT for Anidea}}
│ # │ Driver Id │ Name                        │
│ 1 │ Redacted  │ Anidea Security Mode Helper │
│ 2 │ Redacted  │ Zigbee Button               │
│ 3 │ Redacted  │ Zigbee Switch               │                            │

However if I fire up logcat, things are different.

 st edge:drivers:logcat --hub-address= --token={{PAT for Anidea}}
│ # │ Driver Id  │ Name                        │
│ 1 │ Redacted   │ Anidea Security Mode Helper │
│ 2 │ Redacted   │ Virtual Devices V2          │
│ 3 │ Redacted   │ Zigbee Button               │
│ 4 │ Redacted   │ Zigbee Switch               │
? Select a driver. (all)

As you can see the hub actually has a fourth driver installed. Now the hub was enrolled in Todd’s channel and that driver was installed prior to deleting, resetting, and reinstalling the hub. So I am kind of puzzled that it is still there, and also why is it just that one? And how do I delete it given that my deletion tools insist that it isn’t there?

I should add that I haven’t really tried to delete it, for example by ID, just in case this isn’t expected behaviour and there is something diagnostic about what is going on.

OK things are getting weirder. I updated CLI to the latest beta version and I cleared its credentials so I could start again, as well as generating a new PAT.

st edge:drivers:installed
no hubs found

However if I follow an channel invitation using the same account all three of my hubs are visible.

Hi, @orangebucket

We will need you to do the following test. We know you already have the latest version of the CLI. -Please, enable the debugging mode and perform any action that requires hub selection. You should see an output like this:

[WARN] cli - filtering out location <...location details>

We are still investigating the case. I will DM you to ask for some id’s to share with the Engineering Team.