Configure method access - SmartPlant Foundation - IM Update 46 - Help - Hexagon

SmartPlant Foundation Help

Language
English
Product
SmartPlant Foundation
Search by Category
Help
SmartPlant Foundation / SDx Version
10
SmartPlant Markup Plus Version
10.0 (2019)
Smart Review Version
2020 (15.0)

Methods are exposed on the shortcut menu of an object, menus, toolbar, and quick find options. To find which access groups are related to which methods, either expand Show Access Groups from the method or use File > New > Report and run the method report, which supports filtering by API and so on.

Methods are exposed to users through their relationships with roles -- access groups are associated with a role and their methods are then available to users in that role.

The relationships between methods and access groups can be configured in a number of ways:

  • When creating the relationships through drag and drop (access group onto method or vice versa) or updating it using Edit Relationships, select the Maintain Attributes link on the confirmation dialog box to display a form where you can limit access.

  • Use the Manage Access Groups command from the method. This interface allows for drag and drop of access groups onto the method and list editing of the relationship properties.

  • Use the Manage Methods command from the access group. This interface allows for drag and drop of methods onto the access group and list editing of the relationship properties.

The following subsections describe what these options are used for and how best to configure them.

Restricting update access to configuration-controlled objects

A client API configured as updating ("Is a create configuration client API" flag on the API set to true) will not expose its shortcut menu methods on configuration-controlled objects unless the user sets the create configuration scope to the existing configuration of the object. For example, a document created in a project cannot be updated unless the create configuration scope is set to that project.

Allowing update access to configuration-controlled objects

If a method on a shortcut menu is created using a client API that uses the Is an object configuration client API option, the method will be available on the shortcut menu of an object even if the user has a different create configuration set. For example, if a query is run for all design documents created in different configurations, then the shortcut menu can be used to check out one of the documents returned, even if it belongs to a different configuration than the one set as the create scope.

The user must have access permissions to the method in the object configuration.

Restricting method access by conditions

A method can be related to a condition that must be satisfied before the method can be run. A condition can also be configured on the method/access group relationship, and this condition must be satisfied when users in that access group try to run the method.

For example, the document revise method may only be available to engineers on CURRENT documents, but a manager may be able to revise a SUPERSEDED document as well. In this case, the condition on the method would be IsCURRENTorSUPERSEDED, and the condition on the method/engineering access groups would be IsCURRENT. There would be no need for a condition on the method to manage access groups because it would pick up the one on the method.

Restricting method access by object ownership

You can restrict method access based on the ownership of an object so that the user must be either the owner of the object or related to the owning group found on the role/access group relationship for the access group. To do this, when the access group is related to a method, the “Filter by ownership” property needs to be set.

When an owning group is set on the role – access group relationship, this means that all the functionality granted by that access group can be restricted to objects that have that owning group – the methods on the access group are not automatically restricted in this way, the filter by ownership property also needs to be set on the method – access group relationship.

When the shortcut menu is evaluated, the system first checks if the owning group filter flag is set on the method – access group relationship. Then if set, it also checks if the role/access group relationship has an owning group. If the selected object has an owning group, it must be one of those on the role – access group relationship for the method to be available to the user.

Examples

In the above diagram, the electrical editor has access to the DocUpdate access group which gives update access to working documents (but only electrical documents due to filter set to true).

The user with open access can update any checked in document because there is no condition on their filter.

Restricting method access to object workflow recipients

You can restrict method access to only workflow action recipients if the object is in workflow. To do this, when the access group is related to a method, the "Restrict to workflow recipients" property needs to be set.

When set, this restricts access to the method when the object is in a workflow. When the object is in a workflow, the method is only available to users that are recipients of an action for the current workflow step. Information only recipients do not get the method even if they are recipients of the current step.