Configuring Permissions for ThingWorx Flow
Users need to be granted special permissions to create, edit, and execute workflows in ThingWorx Flow. The Administrator user has access to all these capabilities without any further configuration.
Permissions for using the Workflow Editor
To use the Workflow Editor, permissions must be granted to the Workflows Thing and WorkflowSubsystem subsystem in ThingWorx Composer. As an administrator, do the following:
1. Edit the Workflows Thing, and then click Permissions.
a. Select Visibility and ensure that the organization or organization unit that the user belongs to is listed.
b. Select Run Time, add the user or user group to the list, and then click 
under Service Execute.
under Service Execute. | This can be done at the entity level for all services that allow the user to execute all the workflows defined in the Workflow Editor. Otherwise, you can grant the Service Execute permission on a workflow-by-workflow basis by selecting the name of the workflow service under the Property, Service, or Event Overrides section. |
c. Select Design Time, add the user or user group to the list, and then click under Read, Update, and Delete.
under Read, Update, and Delete.d. Click Save.
2. Edit the WorkflowSubsystem subsystem, and then click Permissions.
a. Select Visibility and ensure that the organization or organization unit that the user belongs to is listed.
b. Select Run Time, add the user or user group to the list, and then click under Service Execute.
under Service Execute.c. Click Save.
Permissions for creating Workflow services on ThingWorx entities
| | If you need to apply changes to multiple entities, use the multiselect check boxes on the Home tab, and then click Permissions at the top of the table. |
For a user to be able to create Workflow services on Thing, Thing Template, or Thing Shape entities in ThingWorx Composer, the standard ThingWorx service permissions are needed. As an administrator, do the following:
1. Ensure that the user is either part of the ComposerUsers user group or has the same permissions as that group.
2. Edit the entity, and then click Permissions.
a. Select Visibility and ensure that the organization or organization unit that the user belongs to is listed.
b. Select Design Time, add the user or user group to the list, and then click under Read, Update, and Delete.
under Read, Update, and Delete.c. Click Save.
Workflows and Triggers
◦ All workflows are public to users who have access to the Workflows Thing. There are three levels of user access for the Workflows Thing:
▪ Visibility—View workflows.
▪ Run time—View and execute workflows.
▪ Design time—View, execute, create, update, and delete workflows.
◦ Workflows that include authorization details, such as user ID-password, access tokens, or application keys:
▪ Can be executed by any user with run time permissions to the workflow, but the user cannot view the authorization details in the workflow.
▪ Can be edited by any user with design time permissions to the workflow. The authorization details cannot be viewed or edited by a user other than the owner. For more information on sharing connectors, see Sharing connectors.
◦ All triggers are public and can be viewed by and used by users who have access to workflows. But triggers are owned by the creator and can be deleted only by the creator of the trigger. Triggers do not support sharing because they are shared by default.
A user must have design time permissions on the Workflows Thing to create, edit, or delete the triggers.