Hi everyone,
I'm working on a project in ThingWorx where users (e.g., customers) should only be able to see and interact with their own data. Here's the scenario:
I have a configuration table that includes a field subUnitMapping, which links customers to their specific datasets.
When a new customer accesses the application for the first time via mobile, a dataset is dynamically created and the appropriate subUnitMapping is assigned to both the dataset and its Thing for permission control.
In the mashup, users select their line from a dropdown, press a button, and are navigated to their respective mashup/data.
I have datasets for different customers, and customers land on a dropdown page where they choose their name from the dropdown and then press enter to navigate to their own mashup. I mean I could make this with a text field that they have to write something in and press enter to come to the mashup with their own dataset...
In the dropdown list, all customer values are visible, which is a problem.
If Customer A sees and selects Customer B’s line by mistake (or intentionally), they will be redirected to someone else’s mashup — which is a security issue.
I want each customer to only see their allowed dropdown value (e.g., only their dataset/lines) in the dropdown.
How can I:
Restrict the dropdown options based on user access?
Appreciate any suggestions, best practices, or examples!
Thanks,
Why would a user have to choose themselves in a dropdown? At that point you already know who the user is, so no need to offer the dropdown in the first place.
Also, take a step back from the UI. It seems like you are trying to solve a privilege issue with UI configuration. Remember that any user can also call REST services instead of using the UX at all. And they can make educated guesses about the parameters they provide. The consequence is that security/privileges need to be built into the backend, not the frontend. And on the backend side you know who the user is and you can filter other service call results accordingly.
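A minimal illustration of the backend-side filtering described in the answer above, added here as an example and not code from the thread or from ThingWorx itself: the configuration table, the user-to-subUnitMapping entitlements, the "trust the dropdown" service and its hardened counterpart are all constructed in plain JavaScript. In a real ThingWorx service the user name would be taken from the session (for example via the CurrentSessionInfo resource) rather than passed in as a parameter.

```javascript
// Constructed sample: configuration table rows linking each dataset to a subUnitMapping.
const CONFIG_TABLE = [
  { dataset: "Line_A_Data", subUnitMapping: "cust-a" },
  { dataset: "Line_B_Data", subUnitMapping: "cust-b" },
  { dataset: "Line_B_Extra", subUnitMapping: "cust-b" },
];

// Constructed sample: which subUnitMapping values each authenticated user is entitled to.
// In practice this comes from the user's group/organization membership on the backend.
const USER_SUBUNITS = {
  alice: ["cust-a"],
  bob: ["cust-b"],
};

// Insecure pattern: the client chooses a subUnitMapping (e.g. from the dropdown)
// and the service believes it. Any caller, via mashup or direct REST call, can
// pass any value and receive another customer's datasets.
function datasetsForSelection(selectedSubUnit) {
  return CONFIG_TABLE
    .filter((row) => row.subUnitMapping === selectedSubUnit)
    .map((row) => row.dataset);
}

// Hardened pattern: identity comes from the session, not from the request, and
// the configuration table is filtered server-side before anything reaches the UI.
// The dropdown (if kept at all) is populated from this result, so it only ever
// contains the caller's own lines.
function allowedDatasets(currentUser) {
  const allowed = new Set(USER_SUBUNITS[currentUser] || []);
  return CONFIG_TABLE
    .filter((row) => allowed.has(row.subUnitMapping))
    .map((row) => row.dataset);
}

// Navigation service: even when a mashup still passes a dataset name as a
// parameter, it is validated against the session user's entitlement, so a
// guessed or tampered parameter is rejected instead of redirecting elsewhere.
function openDataset(currentUser, requestedDataset) {
  const row = CONFIG_TABLE.find((r) => r.dataset === requestedDataset);
  const allowed = new Set(USER_SUBUNITS[currentUser] || []);
  if (!row || !allowed.has(row.subUnitMapping)) {
    return { ok: false, error: "not authorized" };
  }
  return { ok: true, dataset: row.dataset };
}
```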
Thanks for your insights. I am now implementing user rights accordingly.
