Understanding information access - HxGN SDx - Update 64 - Help

HxGN SDx Help
Language
English
Product
HxGN SDx
Search by Category
Help
SmartPlant Foundation / SDx Version
10

What you see and can do in the Web Client depends on how your administrator configures your system and your security permissions. Administrators use the security model to do the following:

  • Create users, access groups, and role assignments

  • Assign users to roles and associate roles with access groups, which determine the access to features, commands, plants and projects

  • Create plant or project scopes, known as configurations, which determine what data you can view, create, and modify

    Configurations are used to manage controlled change to data. The top-level configurations are usually plants with projects underneath

  • Create and enforce security rules and security codes

How do I know which roles and configurations I can use?

You can see which roles and configurations you can use two different ways:

  • You can see which roles and configurations are currently being used in the upper right corner of the Web Client. Select Query, Create, and Role to view the options available to you.

  • Select Settings , and then Scope to view your configurations, or select Roles to view which roles are available to you.

I can create an object in Plant A, but not in Plant B. Why?

You can only create objects in a single configuration at a time – this is called the create scope. If Plant A was selected as your create scope, it is the only configuration in which you can create objects. You can query objects in Plant B, but you won’t be able to create objects in that plant (unless you switch your create scope to Plant B).

Which security features determine what I can see or do in the system?

What you can see or do is determined by which objects you need to see and which actions you need to perform to do your job.

Your administrator can use many different components of the security model to control what you can do or see in the system.

For more information on the security model, see Security model overview.

Security model feature

What it does

Role and role assignment

Determines your level of access to data and functionality in a specific plant or project configuration. You can belong to more than one role per configuration. Roles are associated with related access groups, domains, and owning groups.

Access group

Determines what actions you can perform in the system and which functional components you can access in your system. Users are related to roles, which are related to access groups.

Security rule

Limits the types of data that you can query in the system. Your associated access groups are used to determine which security rules are relevant.

Security code

Sets different security levels for users and data in the system. Security codes are used by security rules, which determines your access to documents and data items that can be secured by these codes. You may be assigned different sets of security codes in different plants or projects.

Owning group

Sets up ownership of data, typically by department or discipline, as well as controls your access to an object or parts of an object based on its ownership. Objects can be owned by a user or by an owning group. Owning groups are associated to roles. The default owning group is engineering to which everyone has access.

Configuration

You can be assigned different roles in different plants and projects.

You can create and manipulate data in a single plant or project. This is also known as the create scope. Objects created in projects are not visible from parallel projects or its parent plant.

You can query across multiple plants and projects. This is also known as the query scope.

Why do I get a restriction exception when I query certain data types?

What you can query for, or how you can navigate to certain data types in the database, is controlled by restrictions related to various user and role types. If you receive a restriction exception message and believe you should have access to the data you're querying, contact your system administrator. For more information, your system administrator should see Restriction exception error on query or navigation.

I can’t find a document that I’m supposed to work on. Where is it?

There might be several reasons you can’t find the document in your system:

  • A security rule might be applied that limits access to specific organizations.

  • The document might be in a plant or project that you don’t have access to.

  • You might not have the appropriate role to edit that specific document.

  • The document might have a security code that you don’t have access to, so specific documents might not be accessible or available.

It’s important to communicate with your administrator to see if you’re allowed to access that document.

Which security codes are delivered?

There are three security codes delivered: Unclassified, Proprietary, and Classified; however, your administrator can configure any security code that meets your business's needs.

Security codes can be associated with both objects in the system and user roles - setting different security levels and controlling access and visibility of objects.