Permission inheritance

ZbigniewK
10-Marble


How does inheritance of permissions work?
If a mashup is calling a Thing and the Thing is based on a Template - will it take it from the mashup, or the Thing Template?

In a specific case:

- we have UserA and User B,

- we have one mashup,

- we have 2 ThingTemplates: TTA and TTB,

- we have 2 Things created from ThingTemplate TTA: Thing_A1, Thing_A2
- we have 2 Things created from ThingTemplate TTB: Thing_B1, Thing_B2

- we want UserA to have access to services in Thing_A1, Thing_A2

- we want UserB to have access to all Things.

In this case, if we set Mashup Runtime to Service Execute for both users, then we set ThingTemplate TTA to Service Execute for both users, but ThingTemplate TTB only for user B - will it work the desired way? Will it inherit so that User B is able to use Thing_B1, Thing_B2, but user A is not able to use them?

Accepted Solutions
nmutter
14-Alexandrite
(To:ZbigniewK)

You may check the docs. In general you need to differentiate: Runtime permissions and Visibility permissions. (There are also DesignTime permissions but they are mostly for composer editing stuff).

- Visibility: Who can see the asset? Visibility can only be assigned for Organization(Units).

- Runtime: What can the user do with it (which services can he execute)? Runtime can only be assigned for Users or UserGroups.

For inheritance there are "Instance" permissions, like ThingTemplate visibility instance permissions. If you give UserB ThingTemplate instance visibility permissions for both ThingTemplates, he can see all Thing instances of these ThingTemplates. To User A you only give instance visibility permission for ThingTemplate A.


Giving Mashup runtime service execute permissions will only apply for the mashup entity itself, not for items referenced in the mashup. So this is not what you want.

Also see: https://support.ptc.com/help/thingworx/platform/r9/en/#page/ThingWorx/Help/Best_Practices_for_Developing_Applications/security_2.html

 

Hope it helps. Needs some experience to better understand.
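
The setup from the question, modelled as an added example (not from the original post or from PTC): a simplified access check in which a service call on a Thing needs both visibility and runtime ServiceExecute, both taken from the ThingTemplate's instance permissions, while the mashup's own permissions are never consulted. OrgA and OrgB are hypothetical organizations, and the model assumes default deny with no explicit denies or user groups; it is not ThingWorx's actual evaluation code.

```javascript
// Simplified model (assumption): default deny, no explicit denies, no user groups.
// OrgA / OrgB are hypothetical organizations: visibility is granted to
// organizations, runtime ServiceExecute to users, as described in the answer.
const userOrgs = { UserA: ["OrgA"], UserB: ["OrgB"] };
const thingTemplate = { Thing_A1: "TTA", Thing_A2: "TTA", Thing_B1: "TTB", Thing_B2: "TTB" };

// Configuration following the answer: *instance* permissions on each template.
const instanceConfig = {
  mashup: { serviceExecute: ["UserA", "UserB"] },
  templates: {
    TTA: { instanceVisibility: ["OrgA", "OrgB"], instanceServiceExecute: ["UserA", "UserB"] },
    TTB: { instanceVisibility: ["OrgB"], instanceServiceExecute: ["UserB"] },
  },
};

// Configuration that grants ServiceExecute only on the mashup entity.
const mashupOnlyConfig = {
  mashup: { serviceExecute: ["UserA", "UserB"] },
  templates: { TTA: {}, TTB: {} },
};

// A service call on a Thing needs visibility (via organization) AND runtime
// ServiceExecute (via user). Both come from the instance permissions of the
// Thing's template; config.mashup is deliberately never consulted here.
function canExecute(config, user, thing) {
  const tpl = config.templates[thingTemplate[thing]] || {};
  const visible = (tpl.instanceVisibility || []).some((org) => userOrgs[user].includes(org));
  const allowed = (tpl.instanceServiceExecute || []).includes(user);
  return visible && allowed;
}

// Build a user x Thing matrix to review before applying the setup in Composer.
function accessMatrix(config) {
  const matrix = {};
  for (const user of Object.keys(userOrgs)) {
    matrix[user] = {};
    for (const thing of Object.keys(thingTemplate)) {
      matrix[user][thing] = canExecute(config, user, thing);
    }
  }
  return matrix;
}

console.table(accessMatrix(instanceConfig));
console.table(accessMatrix(mashupOnlyConfig));
```
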
