"Not authorized for ServiceInvoke in PersistentSession<Session ID>" is seen when a non-administrator user accesses a Mashup in ThingWorx Platform

• Non Administrative users do not see updated property values in mashup with Automatically update values when able
• Customized solution that implements GetProperties on a mashup fails for non-administrator users
• Cannot edit permissions on BrowserGateway Thing Template due to an error
  • Need to add additional principals to AddDynamicRemoteSubscription and RemoveDynamicRemoteSubscription
• Non-administrator users end up with errors on mashups that make a GetProperties call with the Automatically update values when able option enabled
• How to grant permission to ServiceInvoke on AddDynamicRemoteSubscription
• Two scenarios occur:
  1. For security reason Users userGroup has been removed from ComposerUsers group
     • In this case following type of error on AddDynamicRemoteSubscription is received in ThingworxStorage\logs\ApplicationLog.log:

[L: ERROR] [O: E.c.q.l.c.Logger] [I: ] [U: <USER>] [S: ] [P: ] [T: WSExecutionProcessor-26] Unable to dispatch [ uri = /Things/PersistentSession<Session ID>/Services/AddDynamicRemoteSubscription/]: Unable to Invoke Service AddDynamicRemoteSubscription on PersistentSession<Session ID> : Not authorized for ServiceInvoke on AddDynamicRemoteSubscription in PersistentSession<Session ID>
[L: ERROR] [O: E.c.q.l.c.Logger] [I: ] [U: <USER>] [S: ] [P: ] [T: WSExecutionProcessor-26] error executing APIRequest Message: Not authorized for ServiceInvoke on AddDynamicRemoteSubscription in PersistentSession<Session ID>, sending ERROR ResponseMessage to caller!

2. Users userGroup is still member of ComposerUsers group, but user is not in Administrators userGroup
   • In this case the following type of error on ForwardEvent is received

Unable to dispatch [ uri = /Things/PersistentSession94b4c4a6-962a-49d3-94f9-c9f9d4bc1b27/Services/AddDynamicRemoteSubscription/]: Unable to Invoke Service AddDynamicRemoteSubscription on PersistentSession94b4c4a6-962a-49d3-94f9-c9f9d4bc1b27 : Not authorized for ServiceInvoke on ForwardEvent in PersistentSession94b4c4a6-962a-49d3-94f9-c9f9d4bc1b27
 error executing APIRequest Message: Not authorized for ServiceInvoke on ForwardEvent in PersistentSession94b4c4a6-962a-49d3-94f9-c9f9d4bc1b27, sending ERROR ResponseMessage to caller!

• Possible other error:

Error Executing Event Handler 'ForwardEvent' for event Type.Thing:Entity.Thing3:Event.DataChange:Property.Num3

Error Executing Event Handler 'ForwardEvent' for event Type.Thing:Entity.MyThing:Event.DataChange:Property.myproperty com.thingworx.common.exceptions.InvalidRequestException: Not authorized for ServiceInvoke on ForwardEvent in PersistentSession...