Limiting Agile User Access to item Data
Is there a method available in Agile PLM for limiting private item data (e.g. private design data, sensitive information, etc.) from Agile users. Desired implementation is to give only a select group of users access to specific data. It is acceptable to see the item data Title Block, BOM, but not be able to open any attachments (i.e. .PDFs, CAD files, Word Docs, etc.)
Yes. One of the most impressive things about the Agile architecture is how granular you can get with user access and restrictions. Through reusable criteria, privilege masks, and roles – you can really make things as open or as restricted as you want.
For your example of access to File Attachments – there are “Discovery” privileges that determine what types of objects users can even find in the first place, “Read” privileges to determine the specific attachment related fields that the users can see on those objects, “GetFile” privileges to specify what kinds of files users are able to download, “Modify” privileges, etc… All of these can be customized to any level of granularity you can think of and there isn’t any limit to the number of specific privilege masks you can create.
This is all very high level of course as it is probably a bit too complex to get into all the ins and outs of the security model here, but the point is that the security in Agile is just about as flexible as you could hope for in any system.
Thank you for the information.
I will need to review further. My initial concern is the ability exits in Agile to limit access to attachments tied to specific objects. One additional question is what option(s) exist for defining objects as limited access?
We use a “View in Taiwan” yes or no drop down on practically everything (items, change objects, etc.). Our guys in Taiwan can only READ objects that are marked as Yes for this field. There’s a bunch of criteria we’ve used that are tied to the specific READ accesses.
That kind of thing is basically what Danny is referring to above.
Similar to Matt’s example above – We have “Access Control” fields (P2 MultiList attributes which use the ‘User Groups’ list) that can be enabled for any type of object that may require access restrictions.
- Criteria 1 – “Parts with No Access Restriction” (Parts Page Two.Access Control is Null)
- Criteria 2 – “Parts for my Group” (Parts Page Two.Access Control Contains $USERGROUP)
These criteria are used for different Discovery Privileges:
- Discovery Priv 1 (Uses Criteria 1) – “Discover Parts No Access Restriction”
- This allows the user to find unrestricted parts
- Discovery Priv 2 (Uses Criteria 2) – “Discover Parts For My Group”
- This allows the logged in user to find restricted parts IF he/she is a member of the user group populated in the “Access Control” field.