Authorization

Teamcenter 8.3

Authorization Guide

Publication NumberPLM00110 F

Proprietary and restricted rights notice

This software and related documentation are proprietary to Siemens ProductLifecycle Management Software Inc.

© 2010 Siemens Product Lifecycle Management Software Inc. All Rights Reserved.

All trademarks belong to their respective holders.

2 Authorization Guide PLM00110 F

Contents

Proprietary and restricted rights notice . . . . . . . . . . . . . . . . . . . . . . . . . 2

Getting started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1Authorization interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2Teamcenter rich client perspectives and views . . . . . . . . . . . . . . . . . . . . . . . . 1-2Basic concepts of using Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3Basic tasks using Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4

Configuring access to Teamcenter administrative applications . . . . . . 2-1

Configure access to applications by group or by role in group . . . . . . . . . . . . . 2-1

Configuring access to Teamcenter utilities . . . . . . . . . . . . . . . . . . . . . . . 3-1

Configure access to utilities by group or by role in group . . . . . . . . . . . . . . . . 3-1

Sharing authorization rules with other Teamcenter sites . . . . . . . . . . . 4-1

Export authorization rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1Import authorization rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Index-1

PLM00110 F Authorization Guide 3

Chapter

1 Getting started

Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Authorization interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2

Teamcenter rich client perspectives and views . . . . . . . . . . . . . . . . . . . . . . . . 1-2

Basic concepts of using Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3System-level authorization rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4Group hierarchy support for authorization rules . . . . . . . . . . . . . . . . . . . 1-4

Basic tasks using Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4

PLM00110 F Authorization Guide

Chapter

1 Getting started

Authorization enables you to control access to Teamcenter administrativeapplications and utilities based on users’ group membership or role in a group.

For example, you can:

• Grant all members of theDBA Lite group access to the Organization application,regardless of their role within the group.

• Grant users who occupy the importer role in the DBA Lite group access to thePLM XML Export Import Administration application.

Authorization works in conjunction with other Teamcenter applications to controlaccess to product features and data, as follows:

• Access to product features is controlled using the Command Suppressionapplication.

For more information, see the Command Suppression Guide.

• Access to operations on objects, such as delete, copy, and change ownership, iscontrolled by configuring rules in Access Manager.

For more information, see the Security Administration Guide and the AccessManager Guide.

Before you beginPrerequisites You need Teamcenter administrator privileges to use

Authorization.

EnableAuthorization

Authorization does not need to be enabled before you use it, butduring installation, this feature must be selected.

If you have trouble accessing Authorization, see your systemadministrator; it may be a licensing issue.

Note

You can log on to Teamcenter only once. If you try to logon to more than one workstation at a time, you see anerror message.

ConfigureAuthorization

Authorization does not need to be configured.

PLM00110 F Authorization Guide 1-1

Chapter 1 Getting started

StartAuthorization

Click Authorization in the navigation pane.

Authorization interface

1 Authorization QuickLinks

Enables you to choose either utilities orapplications for configuration.

2 Organization tree Displays the groups and roles in yourorganization. You can choose which utilitiesor administrative applications are displayedin the interface for a selected group or for aselected role within a group.

3 Available Applications Displays the list of administrative utilities orapplications that can be shown or hidden.

4 Shown Applications Displays the list of administrative utilities orapplications that are shown in the interface forthe selected group or role in group.

Teamcenter rich client perspectives and viewsWithin the Teamcenter rich client user interface, functionality is providedin perspectives and views. Use perspectives and views to rearrange how thefunctionality is presented.

PerspectivesAre containers for a set of views and editors that exist within the perspective.

1-2 Authorization Guide PLM00110 F

Getting started

• A perspective exists in a window along with any number of otherperspectives, but only one perspective can be displayed at a time.

• You can add and rearrange views to display multiple sets of informationsimultaneously within a perspective.

• You can save a rearranged perspective with the current name, or create anew perspective by saving the new arrangement of views with a new name.

Note

Your administrator can use the HiddenPerspectives preference toprevent the display of some Teamcenter perspectives in the rich client.

For information about editing preference values, see the Preferences andEnvironment Variables Reference.

ViewsEnable you to navigate a hierarchy of information, display information aboutselected objects, open an editor, or display properties.

• Views that work with related information typically react to selection changesin other views.

• Changes to data made in a view can be saved immediately.

• Any view can be opened in any perspective, and any combination of viewscan be saved in a current perspective or in a new perspective.

• Objects selected in a view may provide context for a shortcut menu. Theshortcut menu is usually displayed by right-clicking.

For more information about using the shortcut menu, see the Rich ClientInterface Guide.

Note

If your site has online help installed, you can access application and viewhelp from the rich client Help menu or by pressing F1. Some views, such asCommunication Monitor, Print Object, Outline, Palette, and Progress, arenot specifically associated with a particular perspective.

For more information about unassociated views, see the Rich ClientCustomization Programmer’s Guide.

For more information about perspectives and views and changing the layout of yourrich client window, see the Rich Client Interface Guide.

Basic concepts of using AuthorizationAuthorization rules allow you to control access to Teamcenter administrativeapplications and utilities based on groups. System-level rules are delivered as partof your Teamcenter installation, and you can create additional rules to support yourbusiness processes using the Authorization application.


Chapter 1 Getting started

System-level authorization rules

System-level authorization rules are those rules delivered as part of your standardTeamcenter installation that govern access to administrative applications andutilities. By default, Teamcenter supplies two groups for administrative purposes,the Project Administration group and the dba group.

Project Administration group members only have access to the Projectapplication, which allows them to create, delete, modify, and add users to or removeusers from projects. dba group members are granted access to all Teamcenteradministrative applications and utilities.

Often, administrative tasks are assigned at a functional level corresponding to yourbusiness practices. For example, responsibility for administering user data suchas personal and organization information may be assigned to one group, whilea different group may be responsible for designing workflow processes. In suchcases, dba group privileges are more broad and powerful than is necessary ordesirable. Authorization enables you to create authorization rules to model access toadministrative tools to your business processes.

Group hierarchy support for authorization rules

Groups within the organization tree can be configured into one or more hierarchies.Each group has exactly one parent group (unless it is at the root of the hierarchy,when it has no parent group), and each group can have one or more child groups(subgroups).

Authorization rules are inherited within the group hierarchy, as follows:

• Rules defined for a parent group are inherited by all subgroups of the parentgroup.

• Rules defined at the subgroup level apply only to that subgroup.

Note

In the event that two subgroups of different parentage share the same name,rules defined for one parent group are not inherited by the same-namesubgroup of the other parent group. For example, if both theManufacturinggroup and the Design group have a Validation subgroup, authorization rulesdefined for theManufacturing group apply only to the Validation subgroupthat is directly related to theManufacturing group. Likewise, authorizationrules defined for the Design group apply only to the Validation subgroupthat is directly related to the Design group.

Basic tasks using AuthorizationUse Authorization to perform the following tasks:

• Configure access to Teamcenter administrative applications.

• Configure access to Teamcenter utilities.

• Share administration authorization rules with other Teamcenter sites.


Chapter

2 Configuring access to Teamcenteradministrative applications

Configure access to applications by group or by role in group . . . . . . . . . . . . . 2-1


Chapter

2 Configuring access to Teamcenteradministrative applications

The following applications are supported for access configuration usingAuthorization:

AccessManager

Business Modeler IDE PLM XML Export Import Administration

ADA License ClassificationAdministration

Project

AppearanceConfiguration

CommandSuppression Setup Wizard

AuditManager

eIntegrator Admin Subscription Monitor

Authorization Organization Workflow Designer

You can configure access to these applications by group or by role in group.

Note

You can also set the TC_authorization_mode preference to specify whetherto evaluate all the group memberships of users and their role in those groupswhen authorizing access to an application or to evaluate their current grouplogon and role in that group.

Configure access to applications by group or by role in group1. Click the Applications link in the Quick Links section of the navigation pane.

2. Expand the Organization tree and click the group or role to whom you wantto grant or deny application access.

3. Select the application that you want to grant access to from the AvailableApplications list. Click Add to move the application to the ShownApplications list.

Tip

If the Available Applications list is empty, click any group or role symbolin the Organization tree to refresh the list.


Chapter 2 Configuring access to Teamcenter administrative applications

4. Click Save.


Chapter

3 Configuring access to Teamcenterutilities

Configure access to utilities by group or by role in group . . . . . . . . . . . . . . . . 3-1


Chapter

3 Configuring access to Teamcenterutilities

The following utilities are supported for access configuration using Authorization:

data_share export_recovery purge_invalid_subscriptions

data_sync find_processes update_project_data

database_verify fsc_admin dsa_util

You can configure access to these utilities by group or by role in group.

Configure access to utilities by group or by role in group1. Click the Utilities link in the Quick Links section of the navigation pane.

2. In the Authorization application pane, expand the Organization tree and clickthe group or role to whom you want to grant or deny utility access.

3. Select the utility that you want to grant access to from the Available Utilitieslist. Click Add to move the utility to the Shown Utilities list.

Tip

If the Available Utilities list is empty, click any group or role symbol in theOrganization tree to refresh the list.

4. Click Save.


Chapter

4 Sharing authorization rules withother Teamcenter sites

Export authorization rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Import authorization rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1


Chapter

4 Sharing authorization rules withother Teamcenter sites

Authorization rules can be exported to an operating system directory as an XML filethat can then be imported at another Teamcenter site, allowing you to synchronizeauthorization rules between sites that share data.

Export authorization rules1. In the Authorization application pane, click the exportRule button.

2. In the exportRule dialog box, navigate to the directory location where you wantto save the rule file.

3. Type a name for the file in the File name box.

Note

The file is output in XML format; therefore, the file name must end in.xml.

4. Click the exportRule button.

The authorization rule file is saved in the operating system directory that youspecified in step 2.

Import authorization rules1. In the Authorization application pane, click the importRule button.

2. In the importRule dialog box, navigate to the directory containing theauthorization rule file that you want to import.

Note

Rule files are XML files.

3. Select the authorization rule file.

4. Click the importRule button.

The authorization rule file is imported in to Teamcenter.


Appendix

A Glossary


Appendix

A Glossary

A

Access Manager (AM)Teamcenter application that enables the system administrator to grant users accessto Teamcenter objects.

Appearance ConfigurationTeamcenter application used to configure the use of appearance:

• Defining the appearance sets for which the site tracks appearances.

• Configuring the mapping of occurrence notes into appearance attributes.

Audit ManagerTeamcenter application that enables a system administrator to define auditdefinition objects, enable/disable audit trail logging, and control audit log access.Audit definition objects create audit logs that users can view from Teamcenterapplications. Users can audit any Teamcenter object and event type with an auditdefinition.

AuthorizationTeamcenter application that enables access control of administrative applicationsand utilities.

B

Business Modeler IDETeamcenter application that enables a customer to define the following data modelobjects: business objects, classes, attributes, lists of values, and rules.

C

Classification AdministrationTeamcenter application that enables a system administrator to define the groups,classes, subclasses, and views that form the Classification hierarchy.

Command SuppressionTeamcenter application that enables the system administrator to control thedisplay of menu and toolbar commands within Teamcenter applications. CommandSuppression allows suppressing the display of commands for an entire grouphierarchy or a specific role within the hierarchy, for entire groups of users, and forusers who are assigned a role within a group. It also allows suppressing the displayof specific commands on a designated menu or the display of entire menus.

PLM00110 F Authorization Guide A-1

Appendix A Glossary

E

eIntegrator AdminTeamcenter application that provides a simple integration mechanism you can useto integrate external data with Teamcenter. eIntegrator Admin maps external datasystems into equivalent objects in its database. The data can then be imported intothe database as forms.

G

groupOrganizational grouping of users at a site. Users can belong to multiple groupsand must be assigned to a default group.

O

OrganizationTeamcenter application that enables a system administrator to create and managecritical Teamcenter files and database entries. It is the point of access for creating acompany’s virtual organization and for performing system administration activitiessuch as volume creation, maintenance, and site administration. Organizationenables creation and management of person, user, role, and group definitions;definition of the hierarchical structure of the Teamcenter organization; managementof data volumes; and establishment and maintenance of Teamcenter sites.

P

PLM XMLSiemens PLM Software format for facilitating product life cycle interoperabilityusing XML. PLM XML is open and based on standard W3C XML schemas.Representing a variety of product data both explicitly and via references, PLMXML provides a lightweight, extensible, and flexible mechanism for transportinghigh-content product data over the Internet.

projectBasis for identifying a group of objects available to multiple organizations, such asproject teams, development teams, suppliers, and customers for a particular pieceof work.

R

Report GeneratorTeamcenter’s manufacturing process management application that provides aformat for producing reports about information in Teamcenter’s manufacturingprocess management.

roleFunction-oriented cluster of users that models skills and/or responsibilities. Thesame roles are typically found in many groups. In Access Manager, role is an accessorused to grant privileges to all users with the same skills and/or responsibilitiesregardless of project.

A-2 Authorization Guide PLM00110 F

Glossary

role in groupSpecific role in a specific group. In Access Manager, role in group is an accessorused to grant privileges to all users with the same skills and/or responsibilitiesin the same group.

S

Setup WizardTeamcenter application that facilitates postinstallation setup of a Teamcenterdatabase using an input file to populate the information required to create thebasic components of the Teamcenter organization. Using Setup Wizard, a systemadministrator can create user/person definitions, assign a group/role to a user, andoptionally define a default volume for assigned groups.

subscriptionCombination of a workspace object and event to which a Teamcenter user requestsnotification of occurrence. Teamcenter notifies a subscribed user when the eventoccurs in association with the object. Users can subscribe to objects from Teamcenterapplications, such as My Teamcenter and Structure Manager.

W

Workflow DesignerTeamcenter application that enables administrators to graphically design workflowprocess templates, incorporating company business practices and procedures intothe templates. Teamcenter users initiate workflow processes using these templates.

PLM00110 F Authorization Guide A-3

Index

AApplication access, granting . . . . . . . . . . 2-1AuthorizationBasic tasks . . . . . . . . . . . . . . . . . . . . 1-4Configuring . . . . . . . . . . . . . . . . . . . . 1-1Enabling . . . . . . . . . . . . . . . . . . . . . . 1-1Starting . . . . . . . . . . . . . . . . . . . . . . 1-2

Authorization interface . . . . . . . . . . . . . 1-2Authorization rulesExporting . . . . . . . . . . . . . . . . . . . . . 4-1Group hierarchy behavior . . . . . . . . . . 1-4Importing . . . . . . . . . . . . . . . . . . . . . 4-1System level . . . . . . . . . . . . . . . . . . . 1-4

BBasic concepts . . . . . . . . . . . . . . . . . . . 1-3Basic tasks . . . . . . . . . . . . . . . . . . . . . . 1-4Before you begin . . . . . . . . . . . . . . . . . . 1-1

CConfiguring Authorization . . . . . . . . . . . 1-1

EEnabling Authorization . . . . . . . . . . . . . 1-1Exporting authorization rules . . . . . . . . 4-1

GGetting started . . . . . . . . . . . . . . . . . . . 1-1

Granting application access . . . . . . . . . . 2-1Granting utilities access . . . . . . . . . . . . 3-1Group hierarchy behavior . . . . . . . . . . . 1-4

IImporting authorization rules . . . . . . . . 4-1

PPrerequisites . . . . . . . . . . . . . . . . . . . . 1-1Prerequisites for Authorization . . . . . . . 1-1

RRich client perspectives and views . . . . . 1-2

SStarting Authorization . . . . . . . . . . . . . 1-2Supported applications . . . . . . . . . . . . . 2-1Supported utilities . . . . . . . . . . . . . . . . 3-1System-level rules . . . . . . . . . . . . . . . . . 1-4

TTeamcenter perspectives and views . . . . . 1-2

UUtilities access, granting . . . . . . . . . . . . 3-1

PLM00110 F Authorization Guide Index-1

Authorization

Documents

Transcript of Authorization