cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Did you know you can set a signature that will be added to all your posts? Set it here! X

How to limit access to TWX Composer

nahuel
14-Alexandrite

How to limit access to TWX Composer

Hi there!

 

I created a custom READ only role (by following documentation) and I could remove Composer tile from composer. But if the User enters the http://<domain>/Thingworx/Composer/  URL in the browser they get, although limited, still access to the ThingWorx Composer. I'd like to change the behavior by changing the response (to not responding at all, responding 404, or redirecting) so that the user can't see the Composer at all. How would you do that?

 

Any hints on the matter would be much appreciated.


Regards,

Nahuel

1 ACCEPTED SOLUTION

Accepted Solutions
mnarang
17-Peridot
(To:nahuel)

The issue here is: if a non admin user wants to see a mashup and you want to restrict the same user to open the composer. Ideally you will remove the user from ComposerUserGroup then this user will not be able to open the composer but when this user will try to open the desired mashup it will through 401 not authorized to read. Now if you go to composer and give that mashup and other related component desired permission, user will be able to see this mashup. The same is happening with manufacturing apps landing page (considering it is also a mashup). So it does not matter if your apps user is in Maintenance engineer group or not but if that user is not able to open the composer then you need to give all the required permission to open the desired apps landing page.

 

Hope it helps

Thanks
Mukul Narang

View solution in original post

5 REPLIES 5
mnarang
17-Peridot
(To:nahuel)

I believe from Thingworx 8.4 and later there is already a system object in User Group called ComposerUser. You can restrict any user from completely accessing composer by removing that user from ComposerUser user group.

 

 

Thanks,

Mukul Narang

nahuel
14-Alexandrite
(To:mnarang)

Hi @mnarang 

 

Thanks for your answer. I found the ComposerUsers user group which has Users user group (ie, all users) as a member. I did the following:

1)I removed Users user group from ComposerUsers user group.

2)I duplicated Users user group (ex, CustomComposerUsers).

3)I removed the user that do not need access to Composer from CustomComposerUsers user group.

4)I added CustomComposerUsers user group as a member of ComposerUsers user group.

But when I tried to log in into ThingWorx Apps I got the following message:

Screenshot from 2020-11-26 16-14-44.png

and If I add back the removed user in step 3) into CustomComposerUsers user group the message does not show up again.

mnarang
17-Peridot
(To:nahuel)

The issue here is: if a non admin user wants to see a mashup and you want to restrict the same user to open the composer. Ideally you will remove the user from ComposerUserGroup then this user will not be able to open the composer but when this user will try to open the desired mashup it will through 401 not authorized to read. Now if you go to composer and give that mashup and other related component desired permission, user will be able to see this mashup. The same is happening with manufacturing apps landing page (considering it is also a mashup). So it does not matter if your apps user is in Maintenance engineer group or not but if that user is not able to open the composer then you need to give all the required permission to open the desired apps landing page.

 

Hope it helps

Thanks
Mukul Narang

anarwal
12-Amethyst
(To:nahuel)

Hi @nahuel , If @mnarang  response has answered your question, please mark as Accepted Solution, for the benefit of others who may have the same question.

slangley
23-Emerald II
(To:nahuel)

Hi @nahuel.

 

I have marked the solution for this post.  If you disagree that it is the solution, please let me know.

 

Regards.

 

--Sharon

Top Tags