cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Learn all about PTC Community Badges. Engage with PTC and see how many you can earn! X

How to limit access to TWX Composer

Go to solution
nahuel
14-Alexandrite
14-Alexandrite
‎Nov 09, 2020 12:52 PM
‎Nov 09, 2020 12:52 PM

How to limit access to TWX Composer

Hi there!

 

I created a custom READ only role (by following documentation) and I could remove Composer tile from composer. But if the User enters the http://<domain>/Thingworx/Composer/  URL in the browser they get, although limited, still access to the ThingWorx Composer. I'd like to change the behavior by changing the response (to not responding at all, responding 404, or redirecting) so that the user can't see the Composer at all. How would you do that?

 

Any hints on the matter would be much appreciated.


Regards,

Nahuel

Labels:
0 Kudos
Notify Moderator
ACCEPTED SOLUTION

Accepted Solutions
mnarang
17-Peridot
17-Peridot
(To:nahuel)
‎Dec 09, 2020 07:49 AM
‎Dec 09, 2020 07:49 AM

The issue here is: if a non admin user wants to see a mashup and you want to restrict the same user to open the composer. Ideally you will remove the user from ComposerUserGroup then this user will not be able to open the composer but when this user will try to open the desired mashup it will through 401 not authorized to read. Now if you go to composer and give that mashup and other related component desired permission, user will be able to see this mashup. The same is happening with manufacturing apps landing page (considering it is also a mashup). So it does not matter if your apps user is in Maintenance engineer group or not but if that user is not able to open the composer then you need to give all the required permission to open the desired apps landing page.

 

Hope it helps

Thanks
Mukul Narang

View solution in original post

0 Kudos
Notify Moderator
5 REPLIES 5
mnarang
17-Peridot
17-Peridot
(To:nahuel)
‎Nov 19, 2020 05:16 AM
‎Nov 19, 2020 05:16 AM

I believe from Thingworx 8.4 and later there is already a system object in User Group called ComposerUser. You can restrict any user from completely accessing composer by removing that user from ComposerUser user group.

 

 

Thanks,

Mukul Narang

Notify Moderator
nahuel
14-Alexandrite
14-Alexandrite
(To:mnarang)
‎Nov 26, 2020 02:17 PM
‎Nov 26, 2020 02:17 PM

Hi @mnarang 

 

Thanks for your answer. I found the ComposerUsers user group which has Users user group (ie, all users) as a member. I did the following:

1)I removed Users user group from ComposerUsers user group.

2)I duplicated Users user group (ex, CustomComposerUsers).

3)I removed the user that do not need access to Composer from CustomComposerUsers user group.

4)I added CustomComposerUsers user group as a member of ComposerUsers user group.

But when I tried to log in into ThingWorx Apps I got the following message:

Screenshot from 2020-11-26 16-14-44.png

and If I add back the removed user in step 3) into CustomComposerUsers user group the message does not show up again.

0 Kudos
Notify Moderator
mnarang
17-Peridot
17-Peridot
(To:nahuel)
‎Dec 09, 2020 07:49 AM
‎Dec 09, 2020 07:49 AM

The issue here is: if a non admin user wants to see a mashup and you want to restrict the same user to open the composer. Ideally you will remove the user from ComposerUserGroup then this user will not be able to open the composer but when this user will try to open the desired mashup it will through 401 not authorized to read. Now if you go to composer and give that mashup and other related component desired permission, user will be able to see this mashup. The same is happening with manufacturing apps landing page (considering it is also a mashup). So it does not matter if your apps user is in Maintenance engineer group or not but if that user is not able to open the composer then you need to give all the required permission to open the desired apps landing page.

 

Hope it helps

Thanks
Mukul Narang

0 Kudos
Notify Moderator
anarwal
13-Aquamarine
13-Aquamarine
(To:nahuel)
‎Nov 20, 2020 06:02 AM
‎Nov 20, 2020 06:02 AM

Hi @nahuel , If @mnarang  response has answered your question, please mark as Accepted Solution, for the benefit of others who may have the same question.

0 Kudos
Notify Moderator
slangley
23-Emerald II
23-Emerald II
(To:nahuel)
‎Dec 18, 2020 03:59 PM
‎Dec 18, 2020 03:59 PM

Hi @nahuel.

 

I have marked the solution for this post.  If you disagree that it is the solution, please let me know.

 

Regards.

 

--Sharon

0 Kudos
Notify Moderator
Announcements


Contact Community Management
Top Tags