Security - SmartPlant Foundation - IM Update 44 - Customization & Programming - Hexagon

SmartPlant Foundation Customization

Language
English
Product
SmartPlant Foundation
Search by Category
Customization & Programming
SmartPlant Foundation / SDx Version
10

The security model defined by SmartPlant Foundation is enforced when the methods defined below are used. For example, if a user doesn't have permission to query for an object then any web method that performs a query returns an error.

  • For both upload methods and the upload file instruction, the user has access to a method that is related to the Desktop Client loader client API. Instead of checking each object and determining whether it exists or not to create or update the object, the software checks access to the Desktop Client loader.

  • For the "GET" web methods by classdef, user access to a QFind method for one of the realized interfaces (excluding IObject) is checked.

  • For the QUERY web method, user access to a QueryObject method that is configured for the classdef is checked. If one is not found, the software checks to ensure the user has QFind access to one of the realized interfaces.

  • For relationship expansion, user access to the reldef via the reldef access group relationship is checked.

  • For the overloaded "GET" web methods that allow an interfacedef to be given as criteria, the user access is checked and the interfacedef is exposed via the QFind method to which the user has access.

Any web methods that take OBID(s) as criteria don’t perform any security checks because the assumption is that a previous web method was used to obtain the OBID.