cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Want the oppurtunity to discuss enhancements to PTC products? Join a working group! X

Project visibility/design/runtime permission inheritance

LeoDias
3-Visitor

Project visibility/design/runtime permission inheritance

Is there anyway to set visibility/design/runtime  permissions to all entities that belong to specific project?

Is permissions inheritance. limited to ThingTemplate <--- Thing (instance)?

1 ACCEPTED SOLUTION

Accepted Solutions

Hi Leo,

Previous answers aren't 100% accurate about setting permissions by ProjectName, on 7.2 you have new snippets to Add permissions to a things that belong to a ProjectName.

Look for: SetEntityPermissions Snippet

Also won't be hard to build a service which queries entities that belong to a project and set it in batch.

Best Regards,

Carles.

View solution in original post

10 REPLIES 10
ttielebein
12-Amethyst
(To:LeoDias)

Hello,

You could assign permissions on the ThingShape level, and then have all things or templates with a certain permission scheme implement the ThingShape with those permissions granted. This is generally not advised because it can become very hard to manage and result in security issues for your application. The best practice way of granting permissions is to do it on the ThingTemplate level.

Please let me know if you have further questions on this.
Thanks!

Tori

Leo Dias​ Besides , what Tori said ,

Run Time, Design Time, and Visibility permissions on a ThingTemplate will only apply to that ThingTemplate and any child ThingTemplates

Run Time Instance, Design Time Instance, and Visibility Instance permissions on a ThingTemplate will be applied to all Things that use this ThingTemplate

Run Time, Design Time, and Visibility permissions on a Thing will override any instance permissions set on the ThingTemplate level

*Design Time Instance permissions are currently not functioning as expected.

Hi Leo,

Previous answers aren't 100% accurate about setting permissions by ProjectName, on 7.2 you have new snippets to Add permissions to a things that belong to a ProjectName.

Look for: SetEntityPermissions Snippet

Also won't be hard to build a service which queries entities that belong to a project and set it in batch.

Best Regards,

Carles.

Hi Carles,

Thanks for this answer, I do find it bizarre that we can't just set permission at the project level for all the entities belongs to a project. But anyways if we can only achieve this via Service. Can you please tell me, where would we execute this service? or do we need to execute this services all the time?

Regards,

Neetu

Hi Neetu, No, you just execute this service once and permissions are set forever, until you remove if of course. Best Regards, Carles.

Hello Carles,

Thanks for your response.

After executing that service, if we add some new entities later in that Project, will the permission assigned to the User automatically?

I have used following code, it kinda worked for me but not fully, I am calling this services on My master page loads:

//Get Current Group name

var group = Resources["CurrentSessionInfo"].GetCurrentUserGroups();

// Get project name associates to that group

var project = Groups[group[0].name].GetProjectName();

var params = {

allow: true /* BOOLEAN */,

name: group /* STRING */,

includeDependents: undefined /* BOOLEAN */,

type: "Group" /* STRING */,

projectName: project /* PROJECTNAME */,

tags: undefined /* TAGS */

};

// no return

Resources["EntityServices"].SetEntityPermission(params);

Hi Neetu, No, you are right, if you add new entities you will have to reexecute the service. On the other side, I won't execute SetEntityPermission on Master Mashup loads, Changing permissions should be an Administrator job, not a normal user job.

Hello Carles,

I was trying to automate it but I agree with you it is not a good practice. I am surprised that Thingworx doesn't provide a straight method to assign permissions for a set of entities to a Group or user.

Regards,

Neetu

"it kinda worked for me but not fully,"

 

what do you mean by not fully in this context?

Thankyou Carles Coll​ for putting up your expertness on this issue. Even we find it useful for future references.

Thank You once again.

Top Tags