Change a user password

htran-21 · ‎May 08, 2019

Hi,

I wonder how to enable a manager to change/reset password of his members?

My Bests,

Hung Tran

zyuan1 · ‎May 09, 2019

There are 3 ways to change password as I'm aware of.

1. When this user login the composer, Click on the User name on the upper right corner, a dropdown list with selection: Change Password will show up.

2. Use FormLogin page for a Organization Home Mashup, and enable Reset Password through email

3. Use an Administrator account (or other high level account who has design time edit permission to Users ), go to SECURITY- Users in the Home menu of the composer, and change password for each named user.

htran-21 · ‎May 09, 2019

Hi zyuan,

Thank you for your response.

I know these ways, but they don't match the requirement. About the 3rd way, that would have to give the Administration privilege to a non-administrator user, it means he could do anything to the system.

My Bests,

Hung Tran

zyuan1 · ‎May 09, 2019

As mentioned for this manager User's permission, give him DesignTime edit permission to Users Collection, but for other entities like Thing and mashup, you don't need to grant him the rights

htran-21 · ‎May 09, 2019

Hi zyuan1,

Does it mean that he could edit any user? He should be able to edit his members only.

My Bests,

Hung Tran

abarki · ‎May 14, 2019

Hi htran-21,

Did you get the chance to view underneath link about User access and permissions? It might provide answer to your question.

https://support.ptc.com/help/thingworx_hc/thingworx_analytics_8/#page/analytics%2Fanalytics-install-post-manager.html%23

Regards,

Asia

htran-21 · ‎May 14, 2019

Hi Asia,

Just take a look, that won't resolve the scenario.

This problem is related to the limitation of the current design of Security Model, we won't be able to do that.

My Bests,

Hung Tran

zyuan1 · ‎May 14, 2019

If for "his member only" means the Users which only belongs to this Group, it's a different problem.

The Group is just a collection of Users, and members can be added or removed at anytime, so there's no such permission for a manager to change only the Users in the Group.

But, if the manager has an account, that creates all the Users accounts for his members, then he can change all these Users password, and will not have access to other users.

i.e. Only give this Manager User DesignTime permission for Create and Update in the Users Collection. (No Read, add Delete if needed)

htran-21 · ‎May 29, 2019

Hi,

May you clear out your solution by an example? I assume a manager user is abcAdmin, and the user is a Manager of UserGroup ABC and belongs to Administrations group in order to have a right to change password for users in ABC group. What's exactly configuration on the user in order to restrict the admin rights on other users not in ABC group.

My Bests,

Hung Tran

zyuan1 · ‎May 29, 2019

Give abcAdmin user Create, Delete and Update in the Users Collection, let him create User accounts for all the members in his abc team, and then this user could manage all the Users he created.

Since this abcAdmin user doesn't have Read permission in the Collection, he won't be able to see the Users created by other accounts (i.e. users which belong to other teams), thus not able to edit or delete them.

abarki · ‎Jun 21, 2019

Hi htran-21,

If zyuan1 response answered your question? kindly mark the reply as the Accepted Solution, this will benefit others in the Community. Thank you.

Best,

abarki