Solved: Thingworx Remove all permissions

PK_13806485 · ‎Jul 25, 2025

Hi,

I use Thingworx version 9.6.2. It seems that the Resources["SecurityServices"].DeleteRunTimePermission first parameter type needs to be "Thing" for example if one is to remove permissions from that thing.

This is the code for a service to remove all permissions that i have to far, however the error message i get is following:

Error executing service RemoveAllPermissions. Message :: Invalid Permission Type : [Thing] - See Script Error Log for more details.

The point of the service is to remove all existing permissions added to a thing from a user or group, NOT changing the permissions level like read/write/subscribe etc.

Code:

var projectName = me.ProjectName;
var projectEntities = Projects[projectName].GetEntities();
logger.info("all entities in project: " + projectEntities.rows);
var result = [];

var things = [];
var userOrUserGroups = [];

// sorting things and nonthings in two seperate lists
for (var i = 0; i < projectEntities.rows.length; i++) {

var entity = projectEntities.rows[i];

if (entity.type == "Thing"){
things.push(entity);
}
if (entity.type == "User" || entity.type == "Group"){
userOrUserGroups.push(entity);
}
}

// removing runtime permissions for every user or usergroups for all things
for (var j = 0; j < things.length; j++){
for (var k = 0; k < userOrUserGroups.length; k++){

Resources["SecurityServices"].DeleteRunTimePermission({
type: things[j].type,
resource: things[j].name,
principal: userOrUserGroups[k].name,
principalType: userOrUserGroups[k].type
});
result.push(userOrUserGroups[k]);
logger.warn("Deleted all permissions for Thing: " + things[j]);

}
}

Constantine · ‎Jul 28, 2025

Hello,

Services "DeleteRunTimePermission" and "DeleteDesignTimePermission" are defined on all entities, and "type" parameter is for the permission type, not entity type.

If you want to simply remove everything from an individual Thing, the easiest would be like this:

for (var i = 0; i < projectEntities.rows.length; i++) {
    let row = projectEntities.rows[i];
    if (row.type === "Thing") {
        let thing = Things[row.name];
        thing.SetRunTimePermissionsAsJSON({ permissions: {} });
        thing.SetDesignTimePermissionsAsJSON({ permissions: {} });
        thing.SetVisibilityPermissionsAsJSON({ permissions: {} });
    }
}

Just to make it clear -- there will be still some permissions, which those things inherit from their parent Thing Template and from Collection level. Also there's the Owner semantics, which you need to keep in mind. So if I may ask -- why do you want to do it? There might be another, better way to achieve what you need.

/ Constantine

Vilia (my company) | GitHub | LinkedIn

View solution in original post

Rocko · ‎Jul 28, 2025

How do you know the first parameter is the type of the entity?

The error message says that where you put in the entity type, it expects really the permission type:

Invalid Permission Type : [Thing]

What I think this does is it deletes the runtime permission on the Resource SecurityServices itself, not on the thing you want. You need to run the service on the entity itself, I guess.

valid permission type values can be found here: https://support.ptc.com/help/thingworx_hc/javadoc/com/thingworx/security/permissions/PermissionTypes.html

Constantine · ‎Jul 28, 2025

Hello,

Services "DeleteRunTimePermission" and "DeleteDesignTimePermission" are defined on all entities, and "type" parameter is for the permission type, not entity type.

If you want to simply remove everything from an individual Thing, the easiest would be like this:

for (var i = 0; i < projectEntities.rows.length; i++) {
    let row = projectEntities.rows[i];
    if (row.type === "Thing") {
        let thing = Things[row.name];
        thing.SetRunTimePermissionsAsJSON({ permissions: {} });
        thing.SetDesignTimePermissionsAsJSON({ permissions: {} });
        thing.SetVisibilityPermissionsAsJSON({ permissions: {} });
    }
}

Just to make it clear -- there will be still some permissions, which those things inherit from their parent Thing Template and from Collection level. Also there's the Owner semantics, which you need to keep in mind. So if I may ask -- why do you want to do it? There might be another, better way to achieve what you need.

/ Constantine

Vilia (my company) | GitHub | LinkedIn

PK_13806485 · ‎Jul 28, 2025

Hello Constantine,

See my reply as solution. Thank you, do your code that you illustrated achieve the same result as mine?

// PK

Constantine · ‎Jul 28, 2025

Yup.

Vilia (my company) | GitHub | LinkedIn

PK_13806485 · ‎Jul 28, 2025

I tried it and it worked great, very simple solution, well done and thank you ^^

PK_13806485 · ‎Jul 28, 2025

This code seemed to fix the problem:

The reason for this service is to get a form of "clean slate" when you can take in a project, clear all existing permissions of all things in the project so you can start fresh, if a situation like that would appear.
// PK

Constantine · ‎Jul 28, 2025

Did you try a snippet I provided? It is five times shorter, and also handles design-time and visibility permissions.

What you wrote there can be achieved with a oneliner:

Projects[projectName].GetEntities().rows.toArray().filter(row => row.type === 'Thing').forEach(r => Things[r.name].SetRunTimePermissionsAsJSON({ permissions: {} }));

/ Constantine

Vilia (my company) | GitHub | LinkedIn