User Management and Access Control > Configure Public Access to ThingWorx > Grant User Permissions
  
Grant User Permissions
This section provides information about how to configure public access for a ThingWorx server. It is assumed that your server has been pre-configured with a ThingWorx user named es-public-access, and that the Experience Service has been configured to use an application key associated with this user to access the ThingWorx server on behalf of public experiences. It is also assumed that your ThingWorx server has been pre-configured with a ThingWorx organization named es-public-access-org and that the es-public-access user is a member of this organization. All servers that you have been provided with are configured this way.
ThingWorx Composer can be used to grant permissions to users and organizations. The Composer can be accessed by entering the following URL into your browser:
https://<Your Experience Service host>/Thingworx
* 
Replace “Your experience service host” with the host name of the server that has been provided to you.
Enabling WebSocket Connections
* 
This may have already been done for you OOTB.
The following permissions must be granted to the es-public-access user to enable public experiences to connect to ThingWorx using web sockets. A WebSocket connection is required if any of the thing properties accessed by a public experience have been configured to be auto-refreshed. You must grant permissions for the following:
Permission
Instructions
Visibility permission on the EntityServices resource
1. From ThingWorx Composer, click Resources under the System section.
2. Enter EntityServices in the filter field, and click the permissions icon () in the last column.
3. Click Add Org/Org Units.
4. Select the es-public-access-org organization.
5. Click Add Entire Organization.
6. Click Done.
7. Click Save.
Run Time Service Execute permission for the GetClientApplicationKey service on the EntityServices resource
Use the following steps to grant the es-public-access user run time Service Execute permission for the GetClientApplicationKey service on the EntityServices resource.
1. From ThingWorx Composer, click Resources under the System section.
2. Enter EntityServices in the filter field, and click the permissions icon () in the last column.
3. Click the Run Time tab.
4. Under Property, Service or Event Overrides, use the search box to find and add the GetClientApplicationKey.
5. Under GetClientApplicationKey, use the search box to find and add the es-public-access user. Click the check mark in the Service Execute column.
6. Click Save at the top of the page.
Run time instance Service Execute permission for the SDKGateway thing template
Use the following steps to grant the es-public-access user run time instance Service Execute permission for the SDKGateway thing template.
1. From ThingWorx Composer, click Thing Templates under the Modeling section.
2. Click the filter icon and select the Show System Objects checkbox. Click Apply.
3. Enter SDKGateway in the search box at the top of the ThingTemplates table, and click the permissions icon () in the last column.
4. From theRun Time tab, use the search box under All Properties, Events, and Services to find and add the es-public-access user.
5. Click the Allow check mark in the Service Execute column.
6. Click Save.
Visibility Instance—permissions on the SDKGateway thing template
1. From ThingWorx Composer, click Thing Templates under the Modeling section.
2. Click the filter icon, and select the Show System Objects checkbox. Click Apply.
3. Enter SDKGateway in the search box at the top of the Thing Templates table, and click the permissions icon () in the last column.
4. On the Visibility tab, search for the es-public-access-org org and select it to add it.
5. Click Save.
Enabling Access to Properties, Services, and Events
For a public experience to access ThingWorx, the es-public-access user must be granted permission to the properties, services, and events that are used by that public experience. Use the following steps to grant the es-public-access user the required permissions to properties, services, and events used any public experiences published to the Experience Service.
* 
Repeat this process for each property, service, or event that you want to grant access to.
1. From ThingWorx Composer, in the left navigation pane, click the type of the entity whose data must be accessed by a public experience.
2. Enter the name of the entity in the search box located at the top of the table.
* 
If the entity is a system object, you must first click the filter icon, and select the Show System Objects checkbox. Click Apply.
3. Click the permissions icon () in the last column of the row containing the entity.
4. From the Run Time tab, use the search box under All Properties, Services, and Events to find and add the es-public-access user.
5. Click the Allow check mark under the appropriate permissions columns.
6. Click Save.
In addition to granting the es-public-access user permissions to experience data, you must also grant the es-public-access-org organization visibility permission.
* 
Repeat this process for each entity that is accessed by a public experience.
1. From ThingWorx Composer, click the type of the entity whose data must be accessed by a public experience
2. Enter the name of the entity in the search box located at the top of the table.
* 
If the entity is a system object, click the filter icon, and select the Show System Objects checkbox. Click Apply.
3. Click the permissions icon () in the last column of the row containing the entity.
4. On the Visibility tab, search for the es-public-access-org org and select it to add it.
5. Click Save.