Permissions on functions in Manager
Manager has built in permissions to control which functions different users have access to. The function can also be used to turn off storages which are not used for a customer or user. The function works in SE mode only.
Version 5.0
This functionality is available in version 5.0 and later.
Instructions
Various functions in Manager can be controlled by permissions. Each function controlled by a permission is called a resource. Resources may be grouped together into groups, and users can then be assigend to these groups allowing the users in the groups access to the resources in those groups. How users management is handled is controlled in the options dialogue.
Permissions handling may be turned on or off. If it is turned off no permissions checks will occur to any function.
The groups for an user may be fetched from Windows groups or managed manually in the Manager.
The function is available in SE mode only, and users always have full access when starting Manager in stand alone mode.
Manual handling of users in Manager
If the manual user administration option is used, which users are assigned to which groups is controlled in the user permissions dialogue.
Create new button will bring up a dialogue where user name can be typed and groups selected. The groups are defined in the permissions.config file and in specification-columns.config file.
Edit button will allow to edit user name and assigned groups.
Delete button will allow to delete an user after confirmation.
User name
The user name added in Manager has to match the Windows user name. The user name in Manager will be matched with Windows user name independent of large/small caps.
The user’s connection to groups are managed saved in a settings file, “UserPermissionGroup.config”. This file may also be used to turn user permissions in Manager off by setting the tag ConfigEnabled.
<?xml version="1.0" encoding="utf-8"?>
<MultiplePermissionsList xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- Turn user permissions in Manager on or off -->
<ConfigEnabled>true</ConfigEnabled>
<WindowsGroupEnabled>false</WindowsGroupEnabled>
<UserPermissions>
<UserPermission>
<PermissionGroup>Sample</PermissionGroup>
<Users>
<string>user1</string>
</Users>
</UserPermission>
</UserPermissions>
</MultiplePermissionsList>
Finding the user name
The Windows user name can be found in Windows, but it is also shown in the About dialogue under help menu.
Available permissions
The following permissions are available.
Resource name <Name> | Note |
|---|---|
Administration | Permitted to change between stand alone and sites. Version 5.1 and later. |
BrandMenuAccess | Permitted to access Brand Menu in manager |
BulletinsStorageAccess | Permitted to access bulletin in manager |
CatalogueStorageAccess | Permitted to access catalogues in manager |
ContentSetStorageAccess | Permitted to access content set in manager |
DocumentStorageAccess | Permitted to access documents in manager |
FilterAccess | Permitted to access filter in manager |
FootNotesStorageAccess | Permitted to access footnotes in manager |
IllustrationStorageAccess | Permitted to access illustration in manager |
ImagesStorageAccess | Permitted to access images in manager |
ImportAccess | Permitted to access import in manager |
LanguageMenuAccess | Permitted to access Language Menu in manager |
PartAssemblyStorageAccess | Permitted to access part assembly in manager |
PartRelationAccess | Permitted to access part relations storage (requires license also) |
PartReplacementsStorageAccess | Permitted to access part replacement in manager |
PartStorageAccess | Permitted to access part in manager |
PresentationTypeMenuAccess | Permitted to access presentation type Menu in manager |
PublicationAccess | Permitted to access publication in manager |
SearchAccess | Permitted to access search in manager |
SettingAdminstration | Permitted to adminstrate setting in manager |
SpecificationsStorageAccess | Permitted to access specification in manager |
SpecificationTypeCategoryMenuAccess | Permitted to access Specification type category Menu in manager |
SpecificationTypeMenuAccess | Permitted to access Specification type Menu in manager |
TaskSchedule | Permitted to access Task Scheduler function |
TextRepositoryAccessDeleteRowMenu | Permitted to access text repositoty delete function in manager |
TextStorageAccess | Permitted to access text storage in manager |
Tickets | Permitted to open tickets application in web page |
XlsImportRowMenu | Permitted to access import menu option to import parts, specifications, catalogues and part assemblies as xlsx in storages. |
ValidateAccess | Permitted to validate databases |
Configuration
How resources are connected to groups is controlled by the permissions.config file.
Data permissions
In Manger it is also possible to add permissions on data. Note that the tag <DataPermissionEnabled> must be used for a permission to appear as a permission on data in Manager in version 5.0 and later.
permissions.config
<?xml version="1.0" encoding="utf-8"?>
<ResourceConfiguration xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RecourcePermissions>
<ResourcePermission>
<IsChanged>false</IsChanged>
<Id>6</Id>
<Enabled>true</Enabled>
<Name>PresentationTypeMenuAccess</Name>
<Note>Permitted to access presentation type Menu in manager</Note>
<Groups>
<string>GlobalAdmin</string>
</Groups>
</ResourcePermission>
<ResourcePermission>
<IsChanged>false</IsChanged>
<Id>14</Id>
<Enabled>true</Enabled>
<Name>SpecificationsStorageAccess</Name>
<Note>Permitted to access specification in manager</Note>
<Groups>
<string>GlobalAdmin</string>
<string>RegionalAdmin</string>
</Groups>
</ResourcePermission>
<ResourcePermission>
<IsChanged>false</IsChanged>
<Id>21</Id>
<Enabled>true</Enabled>
<Name>PartStorageAccess</Name>
<Note>Permitted to access part in manager</Note>
<Groups>
<string>GlobalAdmin</string>
<string>RegionalAdmin</string>
<string>User</string>
</Groups>
</ResourcePermission>
<!-- Data permission used to give access to data in web viewer -->
<ResourcePermission>
<IsChanged>false</IsChanged>
<!-- Make this permission appear in permissions dialogue on data -->
<DataPermissionEnabled>true</DataPermissionEnabled>
<Id>26</Id>
<Enabled>true</Enabled>
<Name>Internal</Name>
<Note>Internal documentation, not for external usage</Note>
<Groups/>
</ResourcePermission>
</RecourcePermissions>
</ResourceConfiguration>Permissions on specification types
It is possible to restrict users from adding, modifying and removing specifications of a certain type in the specification storage or from other place where specifications may be added or modified.
specification-columns.config
<?xml version="1.0" encoding="utf-8"?>
<ExtendedSpecificationColumnConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<Enabled>true</Enabled>
<Items>
<ExtendedSpecificationColumn>
<Enabled>true</Enabled>
<!-- Refer to a specification type based on its persistent identity -->
<PersistentIdentity>NLACode</PersistentIdentity>
<!-- Specifications of this specification type (NLACode) will be possible to add, modifiy and delete if user belongs to these groups -->
<Permissions>GlobalAdmin,RegionalAdmin</Permissions>
<EnabledBaseTypes>Part</EnabledBaseTypes>
<EnabledPresentationTypeCodes>Kit</EnabledPresentationTypeCodes>
</ExtendedSpecificationColumn>
</Items>
</ExtendedSpecificationColumnConfiguration>Import
Related articles