Configuring Permissions for ThingWorx Flow
Users need to be granted special permissions to create, edit, and execute the ThingWorx Flow workflows. The Administrator user has free access to all these capabilities without any further configuration. Use the procedures in the following sections to modify these settings.
Permissions for Using the Workflow Editor
To use the workflow editor, permissions must be granted on the Workflows and WorkflowSubsystem entities. As an administrator, do the following:
1. In Composer, edit the Workflow Thing, and then click Permissions.
a. Under Visibility, ensure that the Organization or Organization Unit that the user belongs to is listed.
b. Under Run Time, add the User or User Group to the list and then set Service Execute to Allow.
* 
This can be done at the entity level for all services which allows the user to execute all the workflows defined in the workflow editor. Otherwise, grant Service Execute on a workflow-by-workflow basis by selecting the name of the workflow service in the Overrides area.
c. Under Design Time, add the User or User Group to the list, and then set Read, Update, and Delete to Allow.
d. Click Save.
2. Edit the WorkflowSubsystem Thing, and then click Permissions.
a. Under Visibility, ensure that the Organization or Organization Unit that the user belongs to is listed.
b. Under Run Time, add the User or User Group to the list, and then set Service Execute to Allow.
c. Click Save.
Permissions for Using Workflow services in the Composer
* 
If you need to apply changes to multiple entities, use the multiselect check boxes on the Home tab, and then click Permissions at the top of the table.
To create Workflow services on Thing, Thing Template, or ThingShape entities in Composer, the standard ThingWorx service permissions are needed. As an administrator, do the following:
1. Ensure that the user is either part of the ComposerUsers user group or has the same permissions as that group.
2. Edit the entity, and then click Permissions.
a. Under Visibility, ensure that the Organization or Organization Unit that the user belongs to is listed
b. Under Design Time, add the User or User Group to the list and set Read, Update, and Delete to Allow.
c. Click Save.
Flows and Triggers
All workflows are public to users who have access to the WorkFlows entity. There are 3 levels of user access for the WorkFlows entity.
Visibility—View flows.
Runtime—View and execute flows.
Design Time—View, execute, create, update, and delete flows.
See the descriptions that follow for workflows that include private connections and authorizations.
Can be executed by any user with runtime access to the workflow but the user cannot view the private connection details in the workflow.
Can be edited by any user with design time access to the workflow. The private connections cannot be viewed or edited by a user other than the owner of the private connection. For more information on sharing private connections and authorizations, see ThingWorx Flow Settings.
All triggers are public and can be viewed by and used by users who have access to workflows. But triggers are owned by the creator and can be deleted only by the creator of the trigger. Triggers do not support sharing because they are shared by default.
A user must have Design Time privileges on workflows to create, edit, or delete the triggers.
Was this helpful?