Granting User Permissions

User Management and Access Control > Configuring Public Access to ThingWorx > Granting User Permissions

This section provides information about how to configure public access for a ThingWorx server. It is assumed that your server has been pre-configured with a ThingWorx user named es-public-access, and that the Experience Service has been configured to use an application key associated with this user to access the ThingWorx server on behalf of public Experiences. It is also assumed that your ThingWorx server has been pre-configured with a ThingWorx organization named es-public-access-org and that the es-public-access user is a member of this organization. All servers that you have been provided with are configured this way.

ThingWorx Composer can be used to grant permissions to users and organizations. The Composer can be accessed by entering the following URL into your browser:

<protocol>://<twx-host>:<port>/Thingworx

Where:

• <protocol> is replaced with either http or https, depending on whether your ThingWorx server is running in secure or insecure mode

• <twx-host> is replaced with the name of the host on which your ThingWorx server is running

• <port> is replaced with the port on which the ThingWorx server is listening for client connections

Enabling WebSocket Connections

Two permissions must be granted to the es-public-access user to enable public Experiences to connect to ThingWorx using web sockets. A web socket connection is required if any of the thing properties accessed by a public experience have been configured to be auto-refreshed. You must grant permissions for the following:

• Visibility permission on the EntityServices resource

1. From ThingWorx Composer, click Resources under the SYSTEM section.

2. Enter EntityServices in the filter field, and click the permissions icon (

) in the last column.

3. Click Add Org/Org Units.

4. Select the es-public-access-org organization.

5. Click Add Entire Organization.

6. Click Done.

7. Click Save.

• Run Time Service Execute permission for the GetClientApplicationKey service on the EntityServices resource:

1. From ThingWorx Composer, click Resources under the SYSTEM section.

2. Enter EntityServices in the filter field, and click the permissions icon (

) in the last column.

3. Click the Run Time tab.

4. Under Property, Service or Event Overrides, use the search box to find and add the GetClientApplicationKey.

5. Under GetClientApplicationKey, use the search box to find and add the es-public-access user. Click the check mark in the Service Execute column.

6. Click Save at the top of the page.

• Visibility Instance—permissions on the SDKGateway thing template

1. From ThingWorx Composer, click Thing Templates under the Modeling section.

2. Click the filter icon, and select the Show System Objects checkbox. Click Apply.

3. Enter SDKGateway in the search box at the top of the Thing Templates table, and click the permissions icon (

) in the last column.

4. On the Visibility tab, search for the es-public-access-org org and select it to add it.

5. Click Save.

• Run time instance Service Execute permission for the SDKGateway thing template:

1. From ThingWorx Composer, click Thing Templates under the Modeling section.

2. Click the filter icon and select the Show System Objects checkbox. Click Apply.

3. Enter SDKGateway in the search box at the top of the ThingTemplates table, and click the permissions icon (

) in the last column.

4. From the Run Time tab, use the search box under All Properties, Events, and Services to find and add the es-public-access user.

5. Click the Allow check mark in the Service Execute column.

6. Click Save.

Enabling Access to Properties, Services, and Events

For a public experience to access ThingWorx, the es-public-access user must be granted permission to the properties, services, and events that are used by that public experience. Use the following steps to grant the es-public-access user the required permissions to properties, services, and events used any public experiences published to the Experience Service.

Repeat this process for each property, service, or event that you want to grant access to.

1. From ThingWorx Composer, in the left navigation pane, click the type of the entity whose data must be accessed by a public experience.

2. Enter the name of the entity in the search box located at the top of the table.

If the entity is a system object, you must first click the filter icon, and select the Show System Objects checkbox. Click Apply.

3. Click the permissions icon (

) in the last column of the row containing the entity.

4. From the Run Time tab, use the search box under All Properties, Events, and Services to find and add the es-public-access user.

5. Click the Allow check mark under the appropriate permissions columns.

6. Click Save.

In addition to granting the es-public-access user permissions to experience data, you must also grant the es-public-access-org organization visibility permission.

Repeat this process for each entity that is accessed by a public experience.

1. From ThingWorx Composer, click the type of the entity whose data must be accessed by a public experience

2. Enter the name of the entity in the search box located at the top of the table.

If the entity is a system object, click the filter icon, and select the Show System Objects checkbox. Click Apply.

3. Click the permissions icon (

) in the last column of the row containing the entity.

4. On the Visibility tab, search for the es-public-access-org org and select it to add it.

5. Click Save.

Granting Visibility to Users and Groups Collections

Perform the following steps for the following collections:

• User Groups

• Users

1. From ThingWorx Composer, hover over User Groups under SECURITY, and click the permissions icon (

2. Click Visibility under PERMISSIONS.

3. Click Add Org/Org Units.

4. Select the es-authorization-org organization.

5. Click Add Entire Organization.

6. Click Done.

7. Click Save.

8. Repeat the process for Users under SECURITY.