Skip to main content
P
PK_138064854-Participant
4-Participant
July 25, 2025
Solved

Thingworx Remove all permissions

  • July 25, 2025
  • 3 replies
  • 701 views

Hi,

I use Thingworx version 9.6.2. It seems that the Resources["SecurityServices"].DeleteRunTimePermission first parameter type needs to be "Thing" for example if one is to remove permissions from that thing.

This is the code for a service to remove all permissions that i have to far, however the error message i get is following:  

Error executing service RemoveAllPermissions. Message :: Invalid Permission Type : [Thing] - See Script Error Log for more details.

The point of the service is to remove all existing permissions added to a thing from a user or group, NOT changing the permissions level like read/write/subscribe etc.

Code:

var projectName = me.ProjectName;
var projectEntities = Projects[projectName].GetEntities();
logger.info("all entities in project: " + projectEntities.rows);
var result = [];

var things = [];
var userOrUserGroups = [];

// sorting things and nonthings in two seperate lists
for (var i = 0; i < projectEntities.rows.length; i++) {

var entity = projectEntities.rows[i];

if (entity.type == "Thing"){
things.push(entity);
}
if (entity.type == "User" || entity.type == "Group"){
userOrUserGroups.push(entity);
}
}

// removing runtime permissions for every user or usergroups for all things
for (var j = 0; j < things.length; j++){
for (var k = 0; k < userOrUserGroups.length; k++){

Resources["SecurityServices"].DeleteRunTimePermission({
type: things[j].type,
resource: things[j].name,
principal: userOrUserGroups[k].name,
principalType: userOrUserGroups[k].type
});
result.push(userOrUserGroups[k]);
logger.warn("Deleted all permissions for Thing: " + things[j]);

}
}

 

Best answer by Constantine

Hello,

 

Services "DeleteRunTimePermission" and "DeleteDesignTimePermission" are defined on all entities, and "type" parameter is for the permission type, not entity type.

 

If you want to simply remove everything from an individual Thing, the easiest would be like this:

 

for (var i = 0; i < projectEntities.rows.length; i++) {
 let row = projectEntities.rows[i];
 if (row.type === "Thing") {
 let thing = Things[row.name];
 thing.SetRunTimePermissionsAsJSON({ permissions: {} });
 thing.SetDesignTimePermissionsAsJSON({ permissions: {} });
 thing.SetVisibilityPermissionsAsJSON({ permissions: {} });
 }
}

 

Just to make it clear -- there will be still some permissions, which those things inherit from their parent Thing Template and from Collection level. Also there's the Owner semantics, which you need to keep in mind. So if I may ask -- why do you want to do it? There might be another, better way to achieve what you need.

 

/ Constantine

3 replies

Rocko
Rocko19-Tanzanite
19-Tanzanite
July 28, 2025

How do you know the first parameter is the type of the entity?

The error message says that where you put in the entity type, it expects really the permission type:

Invalid Permission Type : [Thing]

What I think this does is it deletes the runtime permission on the Resource SecurityServices itself, not on the thing you want. You need to run the service on the entity itself, I guess.

valid permission type values can be found here: https://support.ptc.com/help/thingworx_hc/javadoc/com/thingworx/security/permissions/PermissionTypes.html

 

C
Constantine18-OpalAnswer
18-Opal
July 28, 2025

Hello,

 

Services "DeleteRunTimePermission" and "DeleteDesignTimePermission" are defined on all entities, and "type" parameter is for the permission type, not entity type.

 

If you want to simply remove everything from an individual Thing, the easiest would be like this:

 

for (var i = 0; i < projectEntities.rows.length; i++) {
 let row = projectEntities.rows[i];
 if (row.type === "Thing") {
 let thing = Things[row.name];
 thing.SetRunTimePermissionsAsJSON({ permissions: {} });
 thing.SetDesignTimePermissionsAsJSON({ permissions: {} });
 thing.SetVisibilityPermissionsAsJSON({ permissions: {} });
 }
}

 

Just to make it clear -- there will be still some permissions, which those things inherit from their parent Thing Template and from Collection level. Also there's the Owner semantics, which you need to keep in mind. So if I may ask -- why do you want to do it? There might be another, better way to achieve what you need.

 

/ Constantine

P
PK_138064854-ParticipantAuthor
4-Participant
July 28, 2025

Hello Constantine,

See my reply as solution. Thank you, do your code that you illustrated achieve the same result as mine?

// PK

C
Constantine18-Opal
18-Opal
July 28, 2025

Yup.

P
PK_138064854-ParticipantAuthor
4-Participant
July 28, 2025

This code seemed to fix the problem:

Skärmbild 2025-07-28 114138.png
The reason for this service is to get a form of "clean slate" when you can take in a project, clear all existing permissions of all things in the project so you can start fresh, if a situation like that would appear.
// PK

C
Constantine18-Opal
18-Opal
July 28, 2025

Did you try a snippet I provided? It is five times shorter, and also handles design-time and visibility permissions.

 

What you wrote there can be achieved with a oneliner: 

 

Projects[projectName].GetEntities().rows.toArray().filter(row => row.type === 'Thing').forEach(r => Things[r.name].SetRunTimePermissionsAsJSON({ permissions: {} }));

 

/ Constantine

Terms & ConditionsCookie settingsAccessibility statement