Security for Audit Activities
Activities on a ThingWorx platform take place in the context of a user, in particular the security context of a user. A user can be a person invoking a service on a Thing or it can be a ThingWorx Connection Server accessing the platform to deliver inbound messages from edge devices. Both of these users operate in a defined security context that consists of permissions assigned to the user. There are permissions for design time and run time.
* For information on auditing a switch in security context, see Auditing the Switching of Security Context.
Setting Permissions
There are two sets of permissions in ThingWorx, one for design time and one for run time. The design time permissions are for managing who is allowed to modify entities (Create, Read, Update, and Delete). Run time permissions determine who can access data, execute services, and trigger events on a thing (including data tables, streams, and users).
Administrators can define explicit permissions for a user group, as well as exceptions that override these permissions. For example, you can restrict the permission to execute services, and then define a service override that allows a user to execute only one specific service. This flexibility allows fine-grained control over, for example, what thing properties, events, or services a certain user group is allowed to access. By default, only users in the Administrators group have full permissions to the components of the Audit Subsystem. Therefore, administrators need to grant non-administrator users the ability to invoke the services provided by the Audit Subsystem, using Service Overrides.
By default, users in the Administrators group have permissions to the following Audit components:
* Audit Subsystem, which is a system object that exposes the services QueryAuditHistory, ArchiveAuditHistory, ExportAuditData, and PurgeAuditData.
* AuditArchiveFileRepository, which is the File Repository of the Audit Subsystem that is used for the audit archives.
* AuditArchiveScheduler, which is a Scheduler thing that controls the automated archiving of audit entries.
* AuditPurgeScheduler, which is a Scheduler thing that controls the automated purging of audit entries.
* AuditArchiveCleanupScheduler, which schedules the clean-up of archived files.
* AuditArchiveCleanupNotificationScheduler, which sends reminder notifications of the clean-up.
The table below shows the permissions that may be granted to non-administrator users in a user group so that they may access these components. For permissions required for non-admin user groups to run the services of the Audit Subsystem, see the section below, Required Permissions for a Non-Admin to Run Audit Services.
* Be sure not to give non-admin users permission to edit objects at design time. For administrators, do not edit system objects at design time. If you edit them at design time, you risk losing any changes made during an upgrade.
| Component | Permissions for a Non-Admin User Group |
| --- | --- |
| Audit Subsystem | To allow non-admin users and user groups to invoke the QueryAuditHistory, ArchiveAuditHistory, ExportAuditData, and PurgeAuditData services: (1) Audit Subsystem: Design Time > Read. (2) Audit Subsystem: Run Time > Property, Service, or Event Overrides. Define a Service Override for each service that you want users in the group to be able to invoke and add a Service Execute for each service. |
| AuditArchiveFileRepository | Permissions for the AuditArchiveFileRepository of the Audit Subsystem should NOT be granted to non-admin users or user groups. |
| AuditArchiveScheduler | Users in the Administrators group should have access to this scheduler thing. The scheduler thing has a property, called lastArchivedTime, that is updated after every successful run of an archive operation. While it is possible, this property should NEVER be updated by a user, admin or non-admin. For this reason (and others that your organization may have), it is recommended that non-admin users NOT be granted access to the scheduler. |
| AuditPurgeScheduler | Only users in the Administrators group should have access to this scheduler thing. It is recommended that non-admin users NOT be granted access to this scheduler. |
| AuditArchiveCleanupScheduler | For non-admin users to execute the cleanup service: (1) AuditArchiveCleanupScheduler: Design Time > Read. (2) AuditArchiveCleanupScheduler: Run Time > Property, Service, or Event Overrides. Define a Service Override for this service (Service Execute). |
| AuditArchiveCleanupNotificationScheduler | For non-admin users to execute the notification of cleanup service: (1) AuditArchiveCleanupNotificationScheduler: Design Time > Read. (2) AuditArchiveCleanupNotificationScheduler: Run Time > Property, Service, or Event Overrides. Define a Service Override for this service (Service Execute). |
Required Permissions for a Non-Admin to Run Audit Services
In general, to allow non-admin users in a user group to invoke services of the Audit Subsystem, a user group should be created and the following permissions should be granted to the user group:
* Audit Subsystem: Visibility permissions
* Audit Subsystem: Design Time permissions, allow Read
* Audit Subsystem: Run Time permissions. Define a Service Override for each service that you want users in the group to be able to invoke, and allow Service Execute.
The following table lists the permissions that need to be granted to entities to allow a service to be invoked on them in the Audit Subsystem:
| Service | Entity Type | Entity Name | Visibility | Design Time | Run-Time |
| --- | --- | --- | --- | --- | --- |
| QueryAuditHistory | Subsystem | AuditSubsystem | Yes | Read | Service QueryAuditHistory: Service Execute |
| QueryAuditHistory | Data Shape | AuditHistory | Yes | Read | |
| ArchiveAuditHistory | Subsystem | AuditSubsystem | Yes | Read | Service ArchiveAuditHistory: Service Execute |
| ArchiveAuditHistory | Thing | AuditArchiveScheduler | Yes | None | Property LastArchivedTime: PropertyRead and PropertyWrite |
| ExportAuditData | Subsystem | AuditSubsystem | Yes | Read | Service ExportAuditData: Service Execute |
| ExportAuditData | Thing | AuditArchiveScheduler | Yes | None | Property LastArchivedTime: PropertyRead and PropertyWrite |
| ExportAuditData | Thing | <user-created FileRepository> | Yes | None | All services: Service Execute |
| PurgeAuditData | Subsystem | AuditSubsystem | Yes | Read | Service PurgeAuditData: Service Execute |
| PurgeAuditData | Thing | AuditPurgeScheduler | Yes | None | PropertyRead and PropertyWrite |
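The permissions table above can be used as a least-privilege check for a non-admin user group. The JavaScript below is an added example, not PTC or ThingWorx code: the grant-string format, the function auditGroupGrants and the sample grants are assumptions made for illustration, and the required grants are transcribed from the table.

```javascript
// Added example. Grants are "entity|scope|permission|resource" strings, a
// form constructed for this sketch; it is not a ThingWorx export format.
const g = (entity, scope, permission, resource = "*") =>
  [entity, scope, permission, resource].join("|");
const subsystem = (svc) => [g("AuditSubsystem", "visibility", "Yes"),
  g("AuditSubsystem", "design", "Read"),
  g("AuditSubsystem", "runtime", "Service Execute", svc)];
const thing = (name, perms, resource) => [g(name, "visibility", "Yes"),
  ...perms.map((p) => g(name, "runtime", p, resource))];
const RW = ["PropertyRead", "PropertyWrite"];
// Required grants per service, transcribed from the page's permissions table.
const REQUIRED = {
  QueryAuditHistory: [...subsystem("QueryAuditHistory"),
    g("AuditHistory", "visibility", "Yes"), g("AuditHistory", "design", "Read")],
  ArchiveAuditHistory: [...subsystem("ArchiveAuditHistory"),
    ...thing("AuditArchiveScheduler", RW, "LastArchivedTime")],
  ExportAuditData: [...subsystem("ExportAuditData"),
    ...thing("AuditArchiveScheduler", RW, "LastArchivedTime"),
    // Placeholder name, as on the page; substitute the real repository.
    ...thing("<user-created FileRepository>", ["Service Execute"], "*")],
  PurgeAuditData: [...subsystem("PurgeAuditData"),
    ...thing("AuditPurgeScheduler", RW, "*")],
};

// Compare the grants a group holds with what its intended services need.
function auditGroupGrants(intendedServices, grants) {
  const unknown = intendedServices.filter((s) => !REQUIRED[s]);
  if (unknown.length) throw new Error("unknown service: " + unknown.join(", "));
  const needed = new Set(intendedServices.flatMap((s) => REQUIRED[s]));
  const held = new Set(grants);
  // Page guidance: no design-time edit rights, nothing on the archive repository.
  const forbidden = grants.filter((x) => {
    const [entity, scope, permission] = x.split("|");
    return entity === "AuditArchiveFileRepository" ||
      (scope === "design" && permission !== "Read");
  });
  return {
    missing: [...needed].filter((x) => !held.has(x)),
    excess: grants.filter((x) => !needed.has(x) && !forbidden.includes(x)),
    forbidden,
  };
}
// Constructed sample: a group that should only run QueryAuditHistory.
const sampleGrants = [...subsystem("QueryAuditHistory"),
  g("AuditHistory", "visibility", "Yes"), // design-time Read is missing
  g("AuditSubsystem", "runtime", "Service Execute", "PurgeAuditData"), // excess
  g("AuditSubsystem", "design", "Update"), // forbidden
  g("AuditArchiveFileRepository", "runtime", "Service Execute")]; // forbidden
console.log(auditGroupGrants(["QueryAuditHistory"], sampleGrants));
```

A non-empty forbidden or excess list marks grants to revoke; a non-empty missing list explains why an intended service call is denied.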