cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ThingWorx Navigate is now Windchill Navigate Learn More

Translate the entire conversation x

Can I have a user access Composer but in read only mode?

Go to solution
avillanueva
23-Emerald I
23-Emerald I
‎Feb 18, 2025 02:16 PM
‎Feb 18, 2025 02:16 PM

Can I have a user access Composer but in read only mode?

I would like to grant a user the ability to see the Composer, which they can now but not the ability to make edits. Just they can view code, properties, services, relationships, etc. How can this be done?

Labels:
0 Kudos
Notify Moderator
ACCEPTED SOLUTION

Accepted Solutions
VladimirRosu
19-Tanzanite
19-Tanzanite
(To:avillanueva)
‎Feb 24, 2025 09:31 AM
‎Feb 24, 2025 09:31 AM

Hi @avillanueva,

 

It's a 5 mins activity, which follows the Principle of Least Privilege, which you should really follow from a security perspective whenever giving users rights.

 

You would need to define what “read-only” means because it could mean several things

     A. You could go in Composer, see all Entities or only some type of Entities – one choice to make

     B. You could go in Composer and be able to see entities, but not be able to see property values – another choice to make.

 

This are the steps. :

  1. For each user you need to set the Composer rights properly – what he sees from the Composer interface:

VladimirRosu_0-1740406950781.png      2. Create a user group that contains all these users. Let’s name it GuestUsers

      3. Create an Organization that contains the GuestUsers user group. Let’s name it GuestOrganization.

      4. In the Permissions, Collections section, you can select all Collection types (or the ones you need – option A above) and to the following

             a. Set Visibility for all entity types, at once for the GuestOrganization. This will allow users to see the entity names in Composer (nothing more).

VladimirRosu_1-1740406950786.png

 

            b. Set DesignTime Permission for all entity types, at oncem for the GuestUsers group. This will allow users to be able to click on the entity in Composer and see everything, EXCEPT property values.

VladimirRosu_2-1740406950794.png

            c. ONLY IF NEEDED - Set Runtime Permissions for all entity types, at once for the GuestUsers group. This will allow users to see also property values – and execute any service from the entity. We need the ServiceExecute just because the Composer when loading an entity in Composer it uses a Service to load all the values – does not read them directly.

VladimirRosu_3-1740406950806.png

 

View solution in original post

Notify Moderator
4 REPLIES 4
Velkumar
19-Tanzanite
19-Tanzanite
(To:avillanueva)
‎Feb 19, 2025 12:19 AM
‎Feb 19, 2025 12:19 AM

Hi @avillanueva 

 

You can create a developer user and provide visibility & Design time read only access to them.

 

/VR

0 Kudos
Notify Moderator
avillanueva
23-Emerald I
23-Emerald I
(To:Velkumar)
‎Feb 19, 2025 09:19 AM
‎Feb 19, 2025 09:19 AM

I have a user already who I want to grant access. Are you suggesting creating a developer role? Can you provide details on assigning the access you spoke about?

0 Kudos
Notify Moderator
Velkumar
19-Tanzanite
19-Tanzanite
(To:avillanueva)
‎Feb 24, 2025 01:21 AM
‎Feb 24, 2025 01:21 AM

@avillanueva  If you have existing user and want to make them developer. You can add them to "Developers" user group

 

Velkumar_0-1740377915111.png

 

And you can give Design Time permission to Read only

 

Velkumar_1-1740378072218.png

 

/VR

 

 

0 Kudos
Notify Moderator
VladimirRosu
19-Tanzanite
19-Tanzanite
(To:avillanueva)
‎Feb 24, 2025 09:31 AM
‎Feb 24, 2025 09:31 AM

Hi @avillanueva,

 

It's a 5 mins activity, which follows the Principle of Least Privilege, which you should really follow from a security perspective whenever giving users rights.

 

You would need to define what “read-only” means because it could mean several things

     A. You could go in Composer, see all Entities or only some type of Entities – one choice to make

     B. You could go in Composer and be able to see entities, but not be able to see property values – another choice to make.

 

This are the steps. :

  1. For each user you need to set the Composer rights properly – what he sees from the Composer interface:

VladimirRosu_0-1740406950781.png      2. Create a user group that contains all these users. Let’s name it GuestUsers

      3. Create an Organization that contains the GuestUsers user group. Let’s name it GuestOrganization.

      4. In the Permissions, Collections section, you can select all Collection types (or the ones you need – option A above) and to the following

             a. Set Visibility for all entity types, at once for the GuestOrganization. This will allow users to see the entity names in Composer (nothing more).

VladimirRosu_1-1740406950786.png

 

            b. Set DesignTime Permission for all entity types, at oncem for the GuestUsers group. This will allow users to be able to click on the entity in Composer and see everything, EXCEPT property values.

VladimirRosu_2-1740406950794.png

            c. ONLY IF NEEDED - Set Runtime Permissions for all entity types, at once for the GuestUsers group. This will allow users to see also property values – and execute any service from the entity. We need the ServiceExecute just because the Composer when loading an entity in Composer it uses a Service to load all the values – does not read them directly.

VladimirRosu_3-1740406950806.png

 

Notify Moderator
Announcements


Contact Community Management
Top Tags