Permissions on functions in Manager

Manager has built in permissions to control which functions different users have access to. The function can also be used to turn off storages which are not used for a customer or user. The function works in SE mode only.

Version 5.0

This functionality is available in version 5.0 and later.

Instructions

Various functions in Manager can be controlled by permissions. Each function controlled by a permission is called a resource. Resources may be grouped together into groups, and users can then be assigend to these groups allowing the users in the groups access to the resources in those groups. How users management is handled is controlled in the options dialogue.

Permissions handling may be turned on or off. If it is turned off no permissions checks will occur to any function.
The groups for an user may be fetched from Windows groups or managed manually in the Manager.

The function is available in SE mode only, and users always have full access when starting Manager in stand alone mode.

Manual handling of users in Manager

If the manual user administration option is used, which users are assigned to which groups is controlled in the user permissions dialogue.

Create new button will bring up a dialogue where user name can be typed and groups selected. The groups are defined in the permissions.config file and in specification-columns.config file.

Edit button will allow to edit user name and assigned groups.

Delete button will allow to delete an user after confirmation.

User name

The user name added in Manager has to match the Windows user name. The user name in Manager will be matched with Windows user name independent of large/small caps.

The user’s connection to groups are managed saved in a settings file, “UserPermissionGroup.config”. This file may also be used to turn user permissions in Manager off by setting the tag ConfigEnabled.

<?xml version="1.0" encoding="utf-8"?>
<MultiplePermissionsList xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <!-- Turn user permissions in Manager on or off -->
  <ConfigEnabled>true</ConfigEnabled>
  <WindowsGroupEnabled>false</WindowsGroupEnabled>
  <UserPermissions>
    <UserPermission>
      <PermissionGroup>Sample</PermissionGroup>
      <Users>
        <string>user1</string>
      </Users>
    </UserPermission>
  </UserPermissions>
</MultiplePermissionsList>

Finding the user name

The Windows user name can be found in Windows, but it is also shown in the About dialogue under help menu.

Available permissions

The following permissions are available.

Resource name <Name>	Note

Resource name <Name>	Note
Administration	Permitted to change between stand alone and sites. Version 5.1 and later.
BrandMenuAccess	Permitted to access Brand Menu in manager
BulletinsStorageAccess	Permitted to access bulletin in manager
CatalogueStorageAccess	Permitted to access catalogues in manager
ContentSetStorageAccess	Permitted to access content set in manager
DocumentStorageAccess	Permitted to access documents in manager
FilterAccess	Permitted to access filter in manager
FootNotesStorageAccess	Permitted to access footnotes in manager
IllustrationStorageAccess	Permitted to access illustration in manager
ImagesStorageAccess	Permitted to access images in manager
ImportAccess	Permitted to access import in manager
LanguageMenuAccess	Permitted to access Language Menu in manager
PartAssemblyStorageAccess	Permitted to access part assembly in manager
PartRelationAccess	Permitted to access part relations storage (requires license also)
PartReplacementsStorageAccess	Permitted to access part replacement in manager
PartStorageAccess	Permitted to access part in manager
PresentationTypeMenuAccess	Permitted to access presentation type Menu in manager
PublicationAccess	Permitted to access publication in manager
SearchAccess	Permitted to access search in manager
SettingAdminstration	Permitted to adminstrate setting in manager
SpecificationsStorageAccess	Permitted to access specification in manager
SpecificationTypeCategoryMenuAccess	Permitted to access Specification type category Menu in manager
SpecificationTypeMenuAccess	Permitted to access Specification type Menu in manager
TaskSchedule	Permitted to access Task Scheduler function
TextRepositoryAccessDeleteRowMenu	Permitted to access text repositoty delete function in manager
TextStorageAccess	Permitted to access text storage in manager
Tickets	Permitted to open tickets application in web page
XlsImportRowMenu	Permitted to access import menu option to import parts, specifications, catalogues and part assemblies as xlsx in storages.
ValidateAccess	Permitted to validate databases

Configuration

How resources are connected to groups is controlled by the permissions.config file.

Data permissions

In Manger it is also possible to add permissions on data. Note that the tag <DataPermissionEnabled> must be used for a permission to appear as a permission on data in Manager in version 5.0 and later.

permissions.config

<?xml version="1.0" encoding="utf-8"?>
<ResourceConfiguration xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
	<RecourcePermissions>
		<ResourcePermission>
			<IsChanged>false</IsChanged>
			<Id>6</Id>
			<Enabled>true</Enabled>
			<Name>PresentationTypeMenuAccess</Name>
			<Note>Permitted to access presentation type Menu in manager</Note>
			<Groups>
				<string>GlobalAdmin</string>
			</Groups>
		</ResourcePermission>
		<ResourcePermission>
			<IsChanged>false</IsChanged>
			<Id>14</Id>
			<Enabled>true</Enabled>
			<Name>SpecificationsStorageAccess</Name>
			<Note>Permitted to access specification in manager</Note>
			<Groups>
				<string>GlobalAdmin</string>
				<string>RegionalAdmin</string>
			</Groups>
		</ResourcePermission>
		<ResourcePermission>
			<IsChanged>false</IsChanged>
			<Id>21</Id>
			<Enabled>true</Enabled>
			<Name>PartStorageAccess</Name>
			<Note>Permitted to access part in manager</Note>
			<Groups>
				<string>GlobalAdmin</string>
				<string>RegionalAdmin</string>
				<string>User</string>
			</Groups>
		</ResourcePermission>


		<!-- Data permission used to give access to data in web viewer -->
		<ResourcePermission>
			<IsChanged>false</IsChanged>
			<!-- Make this permission appear in permissions dialogue on data -->
			<DataPermissionEnabled>true</DataPermissionEnabled>
			<Id>26</Id>
			<Enabled>true</Enabled>
			<Name>Internal</Name>
			<Note>Internal documentation, not for external usage</Note>
			<Groups/>
		</ResourcePermission>
	</RecourcePermissions>
</ResourceConfiguration>

Permissions on specification types

It is possible to restrict users from adding, modifying and removing specifications of a certain type in the specification storage or from other place where specifications may be added or modified.

specification-columns.config

<?xml version="1.0" encoding="utf-8"?>
<ExtendedSpecificationColumnConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
	<Enabled>true</Enabled>
	<Items>
		<ExtendedSpecificationColumn>
			<Enabled>true</Enabled>
			<!-- Refer to a specification type based on its persistent identity -->
			<PersistentIdentity>NLACode</PersistentIdentity>
			<!-- Specifications of this specification type (NLACode) will be possible to add, modifiy and delete if user belongs to these groups -->
			<Permissions>GlobalAdmin,RegionalAdmin</Permissions>
			<EnabledBaseTypes>Part</EnabledBaseTypes>
			<EnabledPresentationTypeCodes>Kit</EnabledPresentationTypeCodes>
		</ExtendedSpecificationColumn>
	</Items>
</ExtendedSpecificationColumnConfiguration>

Signifikant Knowledge Base