Community Tip - Have a PTC product question you need answered fast? Chances are someone has asked it before. Learn about the community search. X
Hi there!
I created a custom READ only role (by following documentation) and I could remove Composer tile from composer. But if the User enters the http://<domain>/Thingworx/Composer/ URL in the browser they get, although limited, still access to the ThingWorx Composer. I'd like to change the behavior by changing the response (to not responding at all, responding 404, or redirecting) so that the user can't see the Composer at all. How would you do that?
Any hints on the matter would be much appreciated.
Regards,
Nahuel
Solved! Go to Solution.
The issue here is: if a non admin user wants to see a mashup and you want to restrict the same user to open the composer. Ideally you will remove the user from ComposerUserGroup then this user will not be able to open the composer but when this user will try to open the desired mashup it will through 401 not authorized to read. Now if you go to composer and give that mashup and other related component desired permission, user will be able to see this mashup. The same is happening with manufacturing apps landing page (considering it is also a mashup). So it does not matter if your apps user is in Maintenance engineer group or not but if that user is not able to open the composer then you need to give all the required permission to open the desired apps landing page.
Hope it helps
Thanks
Mukul Narang
I believe from Thingworx 8.4 and later there is already a system object in User Group called ComposerUser. You can restrict any user from completely accessing composer by removing that user from ComposerUser user group.
Thanks,
Mukul Narang
Hi @mnarang
Thanks for your answer. I found the ComposerUsers user group which has Users user group (ie, all users) as a member. I did the following:
1)I removed Users user group from ComposerUsers user group.
2)I duplicated Users user group (ex, CustomComposerUsers).
3)I removed the user that do not need access to Composer from CustomComposerUsers user group.
4)I added CustomComposerUsers user group as a member of ComposerUsers user group.
But when I tried to log in into ThingWorx Apps I got the following message:
and If I add back the removed user in step 3) into CustomComposerUsers user group the message does not show up again.
The issue here is: if a non admin user wants to see a mashup and you want to restrict the same user to open the composer. Ideally you will remove the user from ComposerUserGroup then this user will not be able to open the composer but when this user will try to open the desired mashup it will through 401 not authorized to read. Now if you go to composer and give that mashup and other related component desired permission, user will be able to see this mashup. The same is happening with manufacturing apps landing page (considering it is also a mashup). So it does not matter if your apps user is in Maintenance engineer group or not but if that user is not able to open the composer then you need to give all the required permission to open the desired apps landing page.
Hope it helps
Thanks
Mukul Narang