Configuring Plant Access Claims - Intergraph Smart 3D Web API - Installation & Upgrade - Hexagon PPM

Intergraph Smart 3D Web API Installation and Configuration

PPMProduct
Intergraph Smart 3D Web API
PPMCategory_custom
Installation & Upgrade
Version_SThreeD_Custom
12 (2018)

Intergraph Smart API Manager

  1. Navigate to the Intergraph Smart API Manager Dashboard Manager website.

  2. Sign in using an administrator account.

  3. You must add a new Smart Clients entry for each client that access the Smart 3D Web API. Make a note of the secret and the Client ID because you will need them later when fetching a token.

  4. Add one or more groups.

    For Smart 3D Web API, groups are used to grant read access to users on a per plant basis. A group definition consists of External Identities and SAM Users that are part of the group. When a group is authorized in the Smart 3D Web API, it gives access to the members for a given set of plants.

    Write access is controlled by the standard Smart 3D access control functionality and only Windows Active Directory users/groups can have write access. One exception to the Windows Active Directory requirement is for Smart 3D permission groups that grant access to Everyone, they allow modifications even by non-Windows Active Directory users. You need to add one or more groups depending upon the number of users, number of plants, and how finely access is controlled.

    To add a group:

    1. Create and name the group.

    2. Define the External Identities and Users that are part of the group.

  5. In the Smart APIs section, locate the entry that was created when you configured the Smart 3D Web API web server in the Smart 3D Configuration utility. This entry has a product value of S3D and its URL value matches the value you entered in the configuration utility. Select the entry.

    1. Note its Resource Identifier for future use when fetching a token.

    2. In the Manager Supported Claim Types section, add a Plant Access claim type if one does not exist. Use the following values:

      1. Name: “Access”

      2. User Name: “Plant Access”

      3. Type: String

      4. Required: Checked

      5. Unique: Checked

    3. In the Manage Authorized Groups section, perform the following step for each existing Group that accesses one or more plants in the Smart 3D Site:

      1. Click Add Group, and select the group. Then add a Plant Access claim for each plant in the Smart 3D site to which the group will have at least read access. Note you need to type the names of the plants so have a list available. Use the “*” character as a wildcard to give access to multiple plants. For example, access to all plants can be given by giving a plant name of *.

Non-Intergraph Smart API Managers

  • Refer 5.b and 5.c from above section for creating claims for Plant Access. Note that UI options for API Managers are different based on providers.

  • Add a scope with Smart 3D Web API Service ID that is used while creating the website. Include this scope in your access tokens.

  • Include email scope for all your access tokens as Smart 3D Web API relies on email scope for processing requests.

  • For all users logged in with windows active directory credentials, configure your Sub claim to include user information in format (AD Domain)\\(AD UserName) as Smart 3D validates windows active directory users for permissions on the plant.

  • Add Audience attribute in S3D Web API web.config. This attribute should match the audience field in API Manager settings.

    Example:

<service prefix="s3d/v1" id="1591be37-f39f-4117-bd22-e65216d3e7c5" audience="1591be37-f39f-4117-bd22-e65216d3e7c5" secret="******************" instance="" />