Using the off-the-shelf access permissions provided by PLM systems is usually enough to manage your needs for security and division of data.
But when number of users grows, or when a PLM system is implemented across a large organization with a number of sites – It becomes imperative to be able to partition the data and support shared documents, classified projects and groups of users who have access to sections of the data and not all the data.
That said – We also made a conscious decision to stay within the boundaries of the Aras Innovator infrastructure, and extend the security model with the ability to manage “projects” that control access to a subset of documents or parts.
Here’s what we aimed to achieve:
We have created objects we call “Projects”.
• Each project may have one or more users or groups related to it
• Each project is assigned a project manager that controls who have access to this project
• Each project can be set as “Classified” (Private) or “Public”. A classified project cannot be seen by anyone that is not a member of this project
• Each user on this project may have “RW” (Read/Write) or “RO” (Read Only) permissions
• RO (Read Only) is defined by checking the appropriate box next to the user that we wish to grant RO access instead of RW access
• Each new Document or Part that is created may be assigned a project by the creator. If no project is assigned then the object is publicly available or otherwise it is governed by the project permissions
Here’s a screenshot of how we define our groups/projects: