Entity Permissions
The granularity of ThingWorx security allows you to set any entity with unique permissions. Organizations and organization units can be assigned read, write, subscribe, and other permissions within visibility rights. Users and user groups can be assigned read, write, subscribe, and other permissions within the run time and design time rights. Ownership of an entity can viewed and changed in the Ownership tab.
 |
Ownership details are available in Composer in ThingWorx 9.2.2, 9.1.6, 9.0.11 and later.
|
Set Permissions for an Entity
1. In Composer, in the left navigation pane, select Permissions.
2. Select Entities in the left frame.
3. Select the entity or entities to manage (a search box is available at the top bar if multiple items are listed).
4. Click Edit Permissions button.
5. Select one of the options: Visibility, Run Time, Design Time, or Ownership.
6. Use the picker to search users or groups and locate a user or group (for Run Time and Design Time), the organization picker (for visibility), or the users picker for ownership.
7. Set the rights as applicable for the selected entity. Each user or group can be set to Allow (check), Deny (X), or Use Inherited (organizational chart). 
| | If you are using MSSQL as a database, the following error will display if you attempt to configure run time permissions for properties, services, or events that contain more than 256 characters in their names: Error occurred while accessing the data provider |
8. Repeat for any entities, organizational units, or permissions to be edited.
9. Click Save.
| | The Remove button allows you to terminate all rights of a selected user, group, organization, organizational unit from the selected item. |
| | The Bulk Set button allows you to apply a set of permissions to many users simultaneously. Use the check boxes to select users or user groups to update, and then click Bulk Set. Set the appropriate rights in the Bulk Set dialog and click Done. |
Run Time Override Permissions
It is possible to restrict permissions on very specific items or situations beyond the permission sets that generally apply. Follow these steps to set up an exception or an override on standard permission sets.
1. Follow steps 1–4 above to access the user or group to override.
2. Select Run Time from the top bar.
3. In the Property, Service, or Event Overrides area, click the plus.
4. Choose a category or expand the tree to locate and select the item on which to set the override.
5. Use the picker to search users or groups, and locate a user or group.
6. Set the rights for property read, property write, and others as applicable to Allow (check), Deny (X), or Use Inherited (organizational chart).
7. Repeat these steps for as many overrides as desired for the active item.
8. Click Save.
| | The Bulk Set button allows you to apply a set of permissions to many users or groups under a single aspect simultaneously. Use the check boxes to select users and groups to update, and then click Bulk Set. Set the appropriate rights in the Bulk Set dialog and click Done. |
Entity Instance Permissions
Thing Templates and Thing Shapes have permissions on two levels: on the Thing directly, or all Things based on the Thing Shape or Thing Template during run time operations. You can toggle between the Entity and Instance of Entity using the icon.
