Skip to main content
M
MA873117416-Pearl
16-Pearl
July 21, 2025
Solved

How to Restrict Dropdown Values Based on User Access in ThingWorx?

  • July 21, 2025
  • 1 reply
  • 388 views

Hi everyone,

I'm working on a project in ThingWorx where users (e.g., customers) should only be able to see and interact with their own data. Here's the scenario:

๐Ÿ”ง Past Setup:

  • I have a configuration table that includes a field subUnitMapping, which links customers to their specific datasets.

  • When a new customer accesses the application for the first time via mobile, a dataset is dynamically created and the appropriate subUnitMapping is assigned to both the dataset and its Thing for permission control.

  • In the mashup, users select their line from a dropdown, press a button, and are navigated to their respective mashup/data.

๐Ÿงฉ Current Setup Challenge (new project):

        I have datasets for different customer and customers land to dropdown page where they choose their name from dropdown and then enter to navigate to their own mashup. I mean i can make this with textfield that they have to write something in it and enter to come to mashup with their own dataset....

  • In the dropdown list, all customer values are visible, which is a problem.

  • If Customer A sees and selects Customer Bโ€™s line by mistake (or intentionally), they will be redirected to someone elseโ€™s mashup โ€” which is a security  issue.

โ“ My Goal:

I want each customer to only see their allowed dropdown value(e.g., only their dataset/lines) in the dropdown.

 

๐Ÿง  Any Ideas?

How can I:

  • Restrict the dropdown options based on user access?

Appreciate any suggestions, best practices, or examples!

Thanks,

Best answer by Rocko

Why would a user have to choose themselves in a dropdown? At that point you already know who the user is, so no need to offer the dropdown in the first place.

Also, take a step back from the UI. It seems like you are trying to solve a privilege issue with UI configuration. Remember that any user can also call REST services instead of using the UX at all. And they can make educated guessed about the parameters they provide. The consequence is that security/privileges need to be built into the backend, not the frontend. And on backend side you know who the user is and you can filter other service call results accordingly.

1 reply

Rocko
Rocko19-TanzaniteAnswer
19-Tanzanite
July 21, 2025

Why would a user have to choose themselves in a dropdown? At that point you already know who the user is, so no need to offer the dropdown in the first place.

Also, take a step back from the UI. It seems like you are trying to solve a privilege issue with UI configuration. Remember that any user can also call REST services instead of using the UX at all. And they can make educated guessed about the parameters they provide. The consequence is that security/privileges need to be built into the backend, not the frontend. And on backend side you know who the user is and you can filter other service call results accordingly.

    M
    MA873117416-PearlAuthor
    16-Pearl
    July 25, 2025

    Thanks for your insights. I am implementing now user rights accordingly. 

    Terms & ConditionsCookie settingsAccessibility statement