Showing results for 
Search instead for 
Did you mean: 
Showing results for 
Search instead for 
Did you mean: 

The use of System User

No ratings

The system user can become a vital point for properly yet conveniently securing your application.

From the ThingWorx helpcenter:

The system user is a system object in ThingWorx. With the System User, if a service is called from within a service or subscription (a wrapped service call), and the System User is permitted to execute the service, the service will be permitted to execute regardless of the User who initially triggered the sequence of events, scripts, or services.

A few important notes to remember:

  • It is not possible to log in as a system user
  • Adding a system user to the Administrators group will not grant it the administrator permissions
  • Adding a system user to the Everyone organization will not grant it the same visibility

As an option, one of the posts on our community provides a script to assign all of the permissions to the system user for a one time set up:


1. Create a new template T1, several things Thing1, Thing2, Thing3

2. Create a new thing NewThing and a new user BlankUser

3. Create a service within NewThing that uses ThingTemplates[“T1"].GetImplementingThings() and give all the permissions to the new non-admin user, BlankUser

Now the service on the template T1 can be accessed through the NewThing without explicit permissions for the BlankUser but rather through the system user.

When manipulating with data (involving read/write and access to persistence provider), the BlankUser would require more than  just visibility permissions. For example, for a Stream, the following permissions would need to be set up:

1. Visibility on Stream template,StreamProcessingSubsystem, PersistenceProvider

2. Read/write permission on the Stream thing in the use case, created with the Stream template.

Similarly, for other sources of data, things, templates and resources involved need visibility and, depending on the scenario, read/write permissions on the specific template.


In order to allow visibility to the System User an Organization needs to be created that includes the System User and visibility granted to that Organization. Is this what is intended? Would it make sense for the ThingWorx platform to include such an Organization?

For security purposes there is currently no such organization. The idea is to have the adminsitrator build that organization with the security tailored to their requirements/needs. There is a possiblity of future features to include some expansion in this area.

Okay, thanks. I think I see - granting entity visibility to a "System Organization" would be almost like allowing visibility to Everyone and must be used with care to avoid exposing private/secure information to the wrong users.

Precisely. Besides, when building the security layer by layer, it really allows to understand the nuances and proper handling.

Have you assigned visibility to that organization? It's still need to be configured as any other organization.

Version history
Last update:
‎Dec 21, 2016 11:57 AM
Updated by:
Labels (1)