Everyone Organization

bmellish
5-Regular Member

In the 8.0 release notes it was stated that the Everyone Organization no longer grants read access to all entities. What access does it grant? What is the use of the Everyone Org, and what is the best practice regarding using this Org in 8.2?

1 ACCEPTED SOLUTION

Accepted Solutions
hrajpal
13-Aquamarine
(To:bmellish)

Greetings Ben,

This feature was added intentionally, keeping in mind the security features, where all users added in the Everyone Organization should not have full visibility.

PTC designed Asset Advisor for use by a Maintenance Technician, designed Controls Advisor for use by a Controls Engineer and designed Production Advisor for use by a Plant/Production Manager.

There are typically “regular” (non-admin) type users and then “super” (admin) type users. Admin type users typically have write/design permissions and regular users typically have read/run type permissions.

From an operational perspective, a best practice may be to understand the different types of users and permissions needed for those roles and set up accordingly.

Each business would have to determine what is best for them from an operational and security aspect.

They may wish all users to be added back in the Everyone Organization granted all visibility, or assess user roles and the specific permissions that should be granted for each of them.

Now, the scenario where you want to add users in the Everyone Organization is when you want to invoke the service of a Thing which does not have visibility for that user.

Thanks,

Himesh Rajpal


5 REPLIES
mnarang
17-Peridot
(To:bmellish)

Starting from ThingWorx 8.0 and onwards, any new user created will not be able to see any entity, as the user group is not granted a default visibility to all the entities as a member of the Everyone organization. The best practice is to remove the user group from the Everyone organization from Administrator and then provide access permissions to the user as required in the solution.

bmellish
5-Regular Member
(To:mnarang)

So nothing changed about the Everyone Org, just the behavior of automatically adding users to it on creation. In other words, putting a user or user group into Everyone still grants access to all entities?

mnarang
17-Peridot
(To:bmellish)

There is a difference. I performed a test on ThingWorx 7.2 where the user group was in the Everyone organization. I created a new dummy user from Administrator, logged in as that user, and I was able to see entities, as before 8.0 the Everyone organization had default visibility access for all the entities.

Now I performed the same test on ThingWorx 8.0.2. It also had the user group in the Everyone organization, and I created a new dummy user from Administrator and logged in as that user, and I was not able to see entities, as default visibility access is now removed from the Everyone organization despite the user group still being added in the organization.

I think the difference is clear now. Removing users from the Everyone organization is the practice which I mentioned.

bmellish
5-Regular Member
(To:mnarang)

Yes, I was also able to conduct these experiments. I guess the questions remain: What exactly does the Everyone organization grant permission to, if anything? We know it is best practice to not put users in there, but in what scenario should we actually use this organization? If it does not grant any access, why would it be a best practice to not put users in there? It would be nice to see a document on this topic clarifying the use of the Everyone Org.
