You are on page 1of 29

¸ ¸ ¸

¸









¸







¸



¸ ¸
• ¸

¸
¸

















¸




















¸ ¸




¸













¸





• ¸









¸ ’








¸




¸
¸ ¸

¸

































¸ ¸
¸ ¸



¸ ¸
¸ ¸







¸
























¸ ¸ ¸ ¸



¸ ¸




¸ ¸



¸














¸





¸


























¸


¸

¸






¸
¸
¸



¸ ¸

¸

¸





¸
¸








¸

¸



¸

¸ ¸

Proprietary and restricted rights notice

This software and related documentation are proprietary to Siemens Product Lifecycle Management Software Inc. © 2010 Siemens Product Lifecycle Management Software Inc. All Rights Reserved. All trademarks belong to their respective holders.

2

Authorization Guide

PLM00110 F

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1 Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Authorization interface . . . . . . . . . 2-1 Configuring access to Teamcenter utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Teamcenter rich client perspectives and views Basic concepts of using Authorization . . . . . . .Contents Proprietary and restricted rights notice . . . . 3-1 Configure access to utilities by group or by role in group . . . . . . . . . Index-1 PLM00110 F Authorization Guide 3 . . . . . 1-1 Before you begin . . . 1-1 1-2 1-2 1-3 1-4 Configuring access to Teamcenter administrative applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1 Index . . . . 4-1 Import authorization rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1 Sharing authorization rules with other Teamcenter sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Getting started . . . . . . . . . . . . . . 4-1 Export authorization rules . . . . . . . . . . . . . . . . . . . . 2-1 Configure access to applications by group or by role in group . . . . . . . Basic tasks using Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Authorization interface . . . . . . . . . 1-3 System-level authorization rules . . . . . . . . . . . 1-2 Basic concepts of using Authorization . . . . . . 1-4 PLM00110 F Authorization Guide . . . . . . . .Chapter 1 Getting started Before you begin . . . . . . . . . . . . . 1-4 Basic tasks using Authorization . . . . . . . . . . . . . . . . . . 1-2 Teamcenter rich client perspectives and views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4 Group hierarchy support for authorization rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.

copy.Chapter 1 Getting started Authorization enables you to control access to Teamcenter administrative applications and utilities based on users’ group membership or role in a group. For more information. see the Security Administration Guide and the Access Manager Guide. Grant users who occupy the importer role in the DBA Lite group access to the PLM XML Export Import Administration application. • Access to operations on objects. as follows: • Access to product features is controlled using the Command Suppression application. such as delete. see the Command Suppression Guide. If you have trouble accessing Authorization. you can: • • Grant all members of the DBA Lite group access to the Organization application. Authorization works in conjunction with other Teamcenter applications to control access to product features and data. For more information. regardless of their role within the group. you see an error message. is controlled by configuring rules in Access Manager. For example. and change ownership. Configure Authorization Authorization does not need to be configured. If you try to log on to more than one workstation at a time. Note You can log on to Teamcenter only once. it may be a licensing issue. Before you begin Prerequisites Enable Authorization You need Teamcenter administrator privileges to use Authorization. PLM00110 F Authorization Guide 1-1 . Authorization does not need to be enabled before you use it. this feature must be selected. see your system administrator. but during installation.

1-2 Authorization Guide PLM00110 F .Chapter 1 Getting started Start Authorization Click Authorization in the navigation pane. functionality is provided in perspectives and views. Perspectives Are containers for a set of views and editors that exist within the perspective. Displays the list of administrative utilities or applications that can be shown or hidden. You can choose which utilities or administrative applications are displayed in the interface for a selected group or for a selected role within a group. 3 4 Available Applications Shown Applications Teamcenter rich client perspectives and views Within the Teamcenter rich client user interface. Use perspectives and views to rearrange how the functionality is presented. Authorization interface 1 2 Authorization Quick Links Organization tree Enables you to choose either utilities or applications for configuration. Displays the groups and roles in your organization. Displays the list of administrative utilities or applications that are shown in the interface for the selected group or role in group.

• • • • Views that work with related information typically react to selection changes in other views. and you can create additional rules to support your business processes using the Authorization application. Basic concepts of using Authorization Authorization rules allow you to control access to Teamcenter administrative applications and utilities based on groups. see the Rich Client Interface Guide. Palette. For more information about using the shortcut menu. see the Preferences and Environment Variables Reference. but only one perspective can be displayed at a time. Print Object. You can add and rearrange views to display multiple sets of information simultaneously within a perspective. are not specifically associated with a particular perspective. You can save a rearranged perspective with the current name. or display properties. open an editor. The shortcut menu is usually displayed by right-clicking. Any view can be opened in any perspective. System-level rules are delivered as part of your Teamcenter installation. Note Your administrator can use the HiddenPerspectives preference to prevent the display of some Teamcenter perspectives in the rich client. PLM00110 F Authorization Guide 1-3 . display information about selected objects. For more information about unassociated views. Outline. Note If your site has online help installed. Objects selected in a view may provide context for a shortcut menu. or create a new perspective by saving the new arrangement of views with a new name. you can access application and view help from the rich client Help menu or by pressing F1. For more information about perspectives and views and changing the layout of your rich client window. For information about editing preference values. Changes to data made in a view can be saved immediately. and any combination of views can be saved in a current perspective or in a new perspective. see the Rich Client Interface Guide. Views Enable you to navigate a hierarchy of information. such as Communication Monitor. see the Rich Client Customization Programmer’s Guide. Some views.Getting started • • • A perspective exists in a window along with any number of other perspectives. and Progress.

1-4 Authorization Guide PLM00110 F . as follows: • • Rules defined for a parent group are inherited by all subgroups of the parent group. Rules defined at the subgroup level apply only to that subgroup. Each group has exactly one parent group (unless it is at the root of the hierarchy. and add users to or remove users from projects. Authorization rules are inherited within the group hierarchy.Chapter 1 Getting started System-level authorization rules System-level authorization rules are those rules delivered as part of your standard Teamcenter installation that govern access to administrative applications and utilities. In such cases. Authorization enables you to create authorization rules to model access to administrative tools to your business processes. while a different group may be responsible for designing workflow processes. authorization rules defined for the Manufacturing group apply only to the Validation subgroup that is directly related to the Manufacturing group. responsibility for administering user data such as personal and organization information may be assigned to one group. For example. if both the Manufacturing group and the Design group have a Validation subgroup. administrative tasks are assigned at a functional level corresponding to your business practices. Configure access to Teamcenter utilities. dba group privileges are more broad and powerful than is necessary or desirable. rules defined for one parent group are not inherited by the same-name subgroup of the other parent group. Note In the event that two subgroups of different parentage share the same name. the Project Administration group and the dba group. authorization rules defined for the Design group apply only to the Validation subgroup that is directly related to the Design group. By default. Often. when it has no parent group). For example. and each group can have one or more child groups (subgroups). Project Administration group members only have access to the Project application. Group hierarchy support for authorization rules Groups within the organization tree can be configured into one or more hierarchies. delete. dba group members are granted access to all Teamcenter administrative applications and utilities. which allows them to create. Likewise. modify. Teamcenter supplies two groups for administrative purposes. Share administration authorization rules with other Teamcenter sites. Basic tasks using Authorization Use Authorization to perform the following tasks: • • • Configure access to Teamcenter administrative applications.

. . . . . . . . . 2-1 PLM00110 F Authorization Guide . .Chapter 2 Configuring access to Teamcenter administrative applications Configure access to applications by group or by role in group . . .

.

Tip If the Available Applications list is empty. Configure access to applications by group or by role in group 1. Select the application that you want to grant access to from the Available to move the application to the Shown Applications list. Click Add Applications list. click any group or role symbol in the Organization tree to refresh the list. PLM00110 F Authorization Guide 2-1 . Note You can also set the TC_authorization_mode preference to specify whether to evaluate all the group memberships of users and their role in those groups when authorizing access to an application or to evaluate their current group logon and role in that group. 2. or role to whom you want 3.Chapter 2 Configuring access to Teamcenter administrative applications The following applications are supported for access configuration using Authorization: Access Manager ADA License Appearance Configuration Audit Manager Authorization Business Modeler IDE Classification Administration PLM XML Export Import Administration Project Command Suppression Setup Wizard eIntegrator Admin Organization Subscription Monitor Workflow Designer You can configure access to these applications by group or by role in group. Click the Applications link in the Quick Links section of the navigation pane. Expand the Organization tree and click the group to grant or deny application access.

2-2 Authorization Guide PLM00110 F .Chapter 2 Configuring access to Teamcenter administrative applications 4. Click Save.

. . . . . . . . .Chapter 3 Configuring access to Teamcenter utilities Configure access to utilities by group or by role in group . . 3-1 PLM00110 F Authorization Guide . . . . . .

.

Configure access to utilities by group or by role in group 1. 3. list. 2. PLM00110 F Authorization Guide 3-1 . Click the Utilities link in the Quick Links section of the navigation pane. click any group or role symbol in the Organization tree to refresh the list. Click Save. Select the utility that you want to grant access to from the Available Utilities to move the utility to the Shown Utilities list. Click Add Tip If the Available Utilities list is empty. expand the Organization tree and click the group or role to whom you want to grant or deny utility access. 4. In the Authorization application pane.Chapter 3 Configuring access to Teamcenter utilities The following utilities are supported for access configuration using Authorization: data_share data_sync database_verify export_recovery find_processes fsc_admin purge_invalid_subscriptions update_project_data dsa_util You can configure access to these utilities by group or by role in group.

.

. . . . . . . . . . . 4-1 Import authorization rules . . . . . . . . . . . . . . . .Chapter 4 Sharing authorization rules with other Teamcenter sites Export authorization rules . . . . . . . . . . . 4-1 PLM00110 F Authorization Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.

The authorization rule file is saved in the operating system directory that you specified in step 2. allowing you to synchronize authorization rules between sites that share data.Chapter 4 Sharing authorization rules with other Teamcenter sites Authorization rules can be exported to an operating system directory as an XML file that can then be imported at another Teamcenter site. Click the exportRule button. 3. Note The file is output in XML format. Click the importRule button. 3. 2. navigate to the directory location where you want to save the rule file. 4. Note Rule files are XML files. Type a name for the file in the File name box. Select the authorization rule file. The authorization rule file is imported in to Teamcenter. In the importRule dialog box.xml. click the importRule button. Import authorization rules 1. Export authorization rules 1. navigate to the directory containing the authorization rule file that you want to import. the file name must end in . In the Authorization application pane. In the exportRule dialog box. therefore. 4. click the exportRule button. PLM00110 F Authorization Guide 4-1 . 2. In the Authorization application pane.

.

Appendix A Glossary PLM00110 F Authorization Guide .

.

C Classification Administration Teamcenter application that enables a system administrator to define the groups. for entire groups of users. classes. Audit definition objects create audit logs that users can view from Teamcenter applications. Command Suppression Teamcenter application that enables the system administrator to control the display of menu and toolbar commands within Teamcenter applications. and for users who are assigned a role within a group. classes. Command Suppression allows suppressing the display of commands for an entire group hierarchy or a specific role within the hierarchy. lists of values. Audit Manager Teamcenter application that enables a system administrator to define audit definition objects. Appearance Configuration Teamcenter application used to configure the use of appearance: • • Defining the appearance sets for which the site tracks appearances. B Business Modeler IDE Teamcenter application that enables a customer to define the following data model objects: business objects. and rules. enable/disable audit trail logging. Users can audit any Teamcenter object and event type with an audit definition. and views that form the Classification hierarchy. Authorization Teamcenter application that enables access control of administrative applications and utilities. and control audit log access. It also allows suppressing the display of specific commands on a designated menu or the display of entire menus. PLM00110 F Authorization Guide A-1 . Configuring the mapping of occurrence notes into appearance attributes.Appendix A Glossary A Access Manager (AM) Teamcenter application that enables the system administrator to grant users access to Teamcenter objects. subclasses. attributes.

role Function-oriented cluster of users that models skills and/or responsibilities. eIntegrator Admin maps external data systems into equivalent objects in its database. project Basis for identifying a group of objects available to multiple organizations. and site administration. PLM XML is open and based on standard W3C XML schemas. and flexible mechanism for transporting high-content product data over the Internet. definition of the hierarchical structure of the Teamcenter organization. Organization enables creation and management of person. A-2 Authorization Guide PLM00110 F . such as project teams. O Organization Teamcenter application that enables a system administrator to create and manage critical Teamcenter files and database entries. role is an accessor used to grant privileges to all users with the same skills and/or responsibilities regardless of project. G group Organizational grouping of users at a site. management of data volumes. PLM XML provides a lightweight. R Report Generator Teamcenter’s manufacturing process management application that provides a format for producing reports about information in Teamcenter’s manufacturing process management. extensible.Appendix A Glossary E eIntegrator Admin Teamcenter application that provides a simple integration mechanism you can use to integrate external data with Teamcenter. maintenance. The same roles are typically found in many groups. Representing a variety of product data both explicitly and via references. suppliers. user. and group definitions. It is the point of access for creating a company’s virtual organization and for performing system administration activities such as volume creation. Users can belong to multiple groups and must be assigned to a default group. development teams. role. P PLM XML Siemens PLM Software format for facilitating product life cycle interoperability using XML. and establishment and maintenance of Teamcenter sites. and customers for a particular piece of work. In Access Manager. The data can then be imported into the database as forms.

role in group is an accessor used to grant privileges to all users with the same skills and/or responsibilities in the same group. incorporating company business practices and procedures into the templates.Glossary role in group Specific role in a specific group. Teamcenter users initiate workflow processes using these templates. W Workflow Designer Teamcenter application that enables administrators to graphically design workflow process templates. and optionally define a default volume for assigned groups. Teamcenter notifies a subscribed user when the event occurs in association with the object. S Setup Wizard Teamcenter application that facilitates postinstallation setup of a Teamcenter database using an input file to populate the information required to create the basic components of the Teamcenter organization. Using Setup Wizard. such as My Teamcenter and Structure Manager. assign a group/role to a user. In Access Manager. a system administrator can create user/person definitions. Users can subscribe to objects from Teamcenter applications. subscription Combination of a workspace object and event to which a Teamcenter user requests notification of occurrence. PLM00110 F Authorization Guide A-3 .

.

. . . . . . . . . . 4-1 P Prerequisites . . . . . . . . . . . . . . . . . . . . . . 3-1 Group hierarchy behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . granting . . . . 1-1 Prerequisites for Authorization . . . . . . . . . 4-1 G Getting started . . . . . . . . . . . . . 1-3 Basic tasks . . . . . . . . . 1-2 2-1 3-1 1-4 PLM00110 F Authorization Guide Index-1 . . . . . T Teamcenter perspectives and views . . . . . . . . . . . . . . . . Configuring . . . . . . . 1-2 U Utilities access. . . . 1-1 E Enabling Authorization . . . . . . . . . . . . System-level rules . . 1-4 Before you begin . . . . . 1-1 . . . . . . . . . 3-1 . . . . . . . . . . . . . . . . . . . . 2-1 Granting utilities access . . 1-1 R Rich client perspectives and views . . . . . . Authorization interface . . . . . . . . . . . B Basic concepts . . . . . Enabling . . 2-1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 S Starting Authorization Supported applications Supported utilities . . . . . . Authorization rules Exporting . . . . . . . . . . . . . . . . . . . . . . 1-1 C Configuring Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Exporting authorization rules . . . . . . . . . . . . . . . . . . . . . . . . . . Group hierarchy behavior Importing . . . . System level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Starting . . . . . . 1-4 1-1 1-1 1-2 1-2 4-1 1-4 4-1 1-4 Granting application access . . . . . . . . . . . . . . . . granting Authorization Basic tasks . . . . . . 1-4 I Importing authorization rules . . . . . . . . . . . . . . . . . . . . . . . .Index A Application access. . . . . .