Creating Custom Roles
You can define your own roles and assign permissions to those roles, in addition to, or instead of the roles provided with the ThingWorx Apps. This enables you to tailor the application to your business processes. Custom roles are set up using user groups in ThingWorx Composer. Once created, these custom roles appear in the role assignment section of the Users tab of the Configuration and Setup page.
Creating a Custom Role
To create a custom role:
1. In ThingWorx Composer, click User Groups under Security.
2. Click New to create a new user group.
3. Enter the name of the role in the Name field.
4. Select the following tags:
PTC:factory-mv
Role:Factory-UserGroup
5. Press Save to create the user group.
6. Select FactoryUsers from the list of User Groups and click Edit.
7. Click the Edit Members button.
8. Select the new user group from list on the left and move it to the list on the right.
9. Press the Save button to save the changes and close the window.
10. Press the Save button on the screen for the cFactoryUsers user group.
Assigning Access Rights to a Custom Role
To assign access rights to a custom role:
1. In ThingWorx Composer, click User Groups under Security.
2. Click one of the following user groups to apply the same access rights to your custom role:
Controls Engineer
Maintenance Engineer
Maintenance Manager
Production Manager
3. Click Edit Members.
4. Select your custom role from list on the left, and move it to the list on the right.
5. Click Save to save the change and close the popup window.
6. Repeat these steps if you would like to apply the rights of another group to your custom role.
* 
If you would like your new custom role to replace an existing role or roles, after completing the previous steps, remove the Role:Factory-UserGroup tag from roles that you do not want to appear in the application.
Restricting Non-Administrative Custom Roles
If your custom role is not for administrative use, then the custom role must have the Service Execute permission denied for certain services.
1. In ThingWorx Composer, navigate to the database Thing configured for use with ThingWorx Apps, for example PTC.SCA.SCO.PostgresDatabase or PTC.SCA.SCO.MSSQLDatabase.
2. Under Permissions > Run Time, search for and add the following services in the Property, Service, or Event Overrides section:
AddColumn
AddForeignKey
CreateIndex
CreateTable
CreateTables
DropTable
DropTables
RemoveColumn
RemoveForeignKey
RemoveIndex
3. For each service, search for and add your custom role, and click the X to deny the Service Execute permission: Deny permission.
4. Click Save to save the permission changes on the database Thing.
Was this helpful?