Managing Permissions for Contexts and Equipment
A user’s role (for example, Maintenance Manager or Maintenance Engineer) determines the areas of the ThingWorx Apps user interface that the user can access. Permissions determine the contexts and equipment which a user or user group can see and edit in the context-aware areas of ThingWorx Apps. The combination of a user’s role and their permissions determines what they can view and edit in the areas of ThingWorx Apps to which they have access.
 |
Administrators and users with the Controls Engineer role can always view and edit all contexts and equipment, regardless of permission settings.
|
The following areas of ThingWorx Apps are impacted by context and equipment permissions:
• In Asset Advisor, Production KPIs, and Alert Monitoring, users need at least read (Read) permission on a context to view the context, and read (Read) permission on particular equipment to see that equipment within the context. Write (Write) permission automatically includes read (Read) permission.
• On the Equipment tab of Configuration and Setup, users must have Write permission on a context to view and create equipment in the context, and Write permission on particular equipment to view, edit, or delete the equipment. The user who creates a piece of equipment automatically has Write permission on that piece of equipment.
• When configuring an individual piece of equipment from the Equipment tab of Configuration and Setup, and adding related child equipment from the Equipment Structure page, only equipment to which the current user has Write permission is included in the list of equipment available to be added as child equipment.
• On the Alerts tab of Configuration and Setup, users can view and select all equipment in all contexts, but must have Write permission on particular equipment to create, edit, or delete alerts on that equipment.
Administrators and Controls Engineers manage permissions using services provided on the context manager Thing (PTC.SCA.SCO.DefaultContextManager) in ThingWorx Composer. These services are used to grant read (Read), write (Write), or none (None) permissions to users and user groups on individual contexts or pieces of equipment, on all equipment in the equipment structure of a context, or on a specified piece of equipment and all of its children in the equipment structure of a context. This allows you to tailor a user’s access to the specific contexts and equipment that are applicable to them.
The user groups provided with ThingWorx Apps are Controls Engineer, Maintenance Manager, Maintenance Engineer, and Production Manager. These user groups map to the user roles with those names, and FactoryUser, which includes the four previously mentioned user groups and the Administrator user.
 |
All permissions-related services on the context manager Thing (PTC.SCA.SCO.DefaultContextManager) have the ContextPermissions category tag. Filter the list of services to display only permissions-related services by selecting ContextPermissions from the Choose category drop-down list next to the services search field.
|
High-level Process Flow
The following high-level steps are a recommended approach to managing permissions for a context and its equipment.
1. Create the context with the appropriate equipment relationship definitions.
2. Use the services to grant permissions on that context to the users and user groups that you want to see the context.
3. Add equipment to the context, either through import or by allowing users to create new equipment.
4. Once equipment has been added, use the services to grant and propagate appropriate permissions for that equipment to your users and user groups.
5. When any new equipment is added to the context, grant and propagate permissions on that new equipment as needed.