Permissions in the repository

It’s possible to define permissions on a content (for example, a folder or a document). For that purpose, place the cursor on the folder or the document line and click on « More » and then on « Manage permissions ».

A permission is defined by:

  • A group of users or a user (to search a group or a user, write the first letters of its name);
  • A role: > Consumer: can consult content; > Editor: can edit content; > Contributor: can add and edit his documents; > Collaborator: can add and edit his documents and other users documents; > * Manager: can delete content of other user, add rules etc.

Rights matrix details:

https://docs.alfresco.com/content-services/latest/using/permissions/

A folder can inherit permissions defined on its parent folder.

Fields permissions

General Permissions

beCPG allows restricting access to certain fields of the model by user groups. To do this, go to the "Security" folder of the repository and create a new entity. This entity corresponds to a group of permissions applied to a beCPG node type. Once the entity is created, edit its properties and select the node type for which the permission is enabled:

Here, permissions are created on the node type « Finished Product ». To define the rights on properties, click on the « ACL » list:

Add new permissions to the data list via the "New Item" button:

Three basic rules can be established:

  • If a group has the « Read » permission on a field, others don’t access the field ;
  • If a group has the « Read and write » permission on a field, others have the « Read » permission on the field ;
  • By default, a field is accessible in reading and writing mode.

Once the rule is chosen, it is automatically applied to the properties of the concerned model.

Local Permissions

It is also possible to implement local permissions to specifically target certain products.

To do this, proceed through editing the properties of the security rule and click on the "Local Permission" button.

For the application of the rule to the products of your choice, two methods are available:

  • Manually add the rule to products: This approach allows you to individually select the products that require permissions. Simply access the product in question in beCPG and directly apply the permission rule to it. First, verify that the security aspect is among the currently selected aspects. If not, add the aspect in this way:

Adding this aspect conditions the appearance of the "Security Rule" field in the product properties. Then manually add the rules created at the administration level.

  • Automatically add the rule via a formula that defines the conditions of application. This formula, based on criteria specific to each case, mainly uses the SPEL language and can be applied on the product template for more efficient management on a large scale. For example, you can apply the security rule to all raw materials supplied by a specific provider. This method ensures that permissions are correctly assigned without requiring repetitive manual interventions.

Permission on fields: Confidentiality & security rules

Security rules help to manage system rights when they are defined. They apply to all of PLM. You can however define product by product rules with the "Security" aspect. These rules of confidentiality take precedence and are directly associated with the product.

Functioning :

  • Create a security rule
  • Identify the rule as a local permission rule by validating the field
  • Configure your rules (e.g. visibility right for the Composition list)
  • Add the Security Aspect (sec:securityAspect) on the target entity
  • Add the rule with the local permissions to the product with the field: "Security rule"

Application of the rules :

  • Formulation of the product

Example of using the security aspect : Allow or not the visibility of the composition of a semi-finished product by users. They will be able to use the semi-finished but the composition of the latter will not be visible (the composition will not unfold, impossible to carry out a "duplication of children"). Only authorized persons will be able to read and modify the composition of the semi-finished product.

Permissions on reports

It’s possible to define rights on technical sheets so that their consultation and/or their edition is rigorously managed.

For that purpose :

  1. Go to: Repository> System> Reports> Product reports;
  2. Select the folder corresponding to the type of products of which you want to manage the technical sheets (finished product, raw material …);
  3. Place the cursor on the line corresponding to the concerned technical sheet and click on « More » and then on « Manage permissions »;
  4. If the default configuration doesn’t suit you, which means that you don’t want everybody to have the right to consult the technical sheet as a « Consumer », click on « Inherit permissions ». Thus, the logo turns from « Check » sign to « No entry » sign so that you can administrate your own rights.
  5. Click on « Add a user/group » to give rights only to some users or groups on this technical sheet. Once the user or the group selected, give it a rôle (consumer, collaborator etc.);
  6. Click on « Save »;
  7. Finally, place the cursor on the line corresponding to the technical sheet and click on « More » and then on « Update permissions ».

Permissions on projects

beCPG enables to define rights on projects:

  • Either on folders which specifically contain projects. For that purpose, consult the documentation concerning the permissions on folders, available at:

ADDRESS

  • Either on individual projects. For this matter:

  • Go to the folder containing the project in question;

  • Place the cursor on the line corresponding to the project and click on « More » and then on « Manage permissions »;
  • If the default configuration doesn’t suit you, which means that you don’t want everybody to have the right to consult the project as a « Consumer », click on « Inherit permissions ». Thus, the logo turns from « Check » sign to « No entry » sign so that you can administrate your own rights ;
  • Click on « Add a user/group » to give rights only to some users or groups on this project. Once the user or the group selected, give it a rôle (consumer, collaborator etc.);
  • Click on « Save » ;

N.B : a user or a group of users defined as « Consumer » on a project won’t have the right to add new tasks neither to modify or delete tasks UNLESS they are assigned to these tasks !

Depending of their rights, users won't have the same access. For example, a consumer won't have the right to modify a task if the task is not assigned to him.

However, the user can modified tasks which are assigned to him.

Permissions on folders in the document list

It is possible to define rights on folders contained in the Documents list of entities (e.g. deleting the inheritance of permissions on a folder and then creating specific permissions). Permissions are defined at template level and apply to all entities associated with the template.

Permissions are applied when entities are created, or to existing entities when they are formulated, or when models are synchronized.

When synchronizing templates, folder rights for existing entities are synchronized:

  • Either folders do not exist: they are created with the associated permissions.

  • Either the folders exist: if the spelling of the folders is identical, the permissions are updated.

If the entities contain folders different from those present in the model:

  • either folders are empty: they are simply deleted

  • or folders are full: they are retained, but automatically inherit the permissions of the parent folder. If bridging rights had been previously determined, they will be deleted.

**N.B.: Subfolders inherit the permissions of the folder in which they are contained.

Permissions on change orders

If you want to create a change order, you need to have the right permissions.

There are 2 different permissions :

  • beCPG Change orders creators (CreateChangeOrder) : you can create a change order but you can not apply one.
  • beCPG Change orders managers (ApplyChangeOrder) : you can apply a change order.

beCPG Change orders managers and the administrator are the only ones able to apply a change order.

How to change users permission: see here

results matching ""

    No results matching ""