Controlling Access to Workspace Content in Altium NEXUS

Now reading version 3.0. For the latest, read: Controlling Access to Workspace Content in Altium NEXUS for version 5

Nexus message

This documentation page references Altium NEXUS/NEXUS Client (part of the deployed NEXUS solution), which has been discontinued. All your PCB design, data management and collaboration needs can now be delivered by Altium Designer and a connected Altium 365 Workspace. Check out the FAQs page for more information.

 

Parent page: Server Items

A managed content server provides secure handling of data with high integrity, while providing both Design Team and Supply Chain access to that data as needed. This latter aspect, of whom can access a server, and more importantly what data they are allowed to access, is facilitated by the server's user access control and sharing capabilities. These can be broken down into the following key areas:

This document takes a look at the sharing capabilities of a managed content server from within Altium NEXUS. For sharing capabilities through the server's browser interface, see Browsing Content from a Web Browser.

Folder-Level Sharing

A managed content server supports the ability to 'share' server folders - facilitating connection to, and access of, server content of a particular nature. By sharing folders, design content in a server can be easily partitioned and shared with others.

A folder in a server can be shared on a number of different levels, in effect defining both the level of visibility of that folder, and the level of security for access to it. This can range from being strictly private access by specified individuals or roles, through to levels for allowing anyone in the same organization to view or change content respectively.

Those with administrator-level privileges (members of the Administrators role) will be able to see and manage all folders. For a non-administrative user of the server, only those folders that have been shared - i.e. the user has permissions to access - will be accessible when the user signs in to that server. In addition, non-administrative users of the server can only share a folder they have created.

Accessing Folder Sharing Controls

Sharing permissions for a folder can be set up at the time of adding the folder, or at any stage after its creation. Sharing controls are accessed through the Explorer panel, from the folder's associated properties dialog (right-click on folder and choose Properties from the menu), by clicking the Share link at the bottom-left of the dialog. The Share For dialog will open in which you can configure sharing as required.

Accessing the controls for sharing a server folder.Accessing the controls for sharing a server folder.

A great benefit of configuring permissions through the server's browser interface is that an account admin isn't tied to a PC on which Altium NEXUS is installed, and a connection to the server is made. They can effect a change in the server's folder sharing permissions from anywhere they can get an internet connection.

Sharing with Specific Users and Roles

Use the Share For dialog to determine exactly who is allowed to access and 'see' that folder. Use the Add User and/or Add Role controls to access dialogs with which to add users and/or roles respectively - ultimately creating a specific access list for sharing folder content.

The owner of the folder (the user who created the folder) will always have full access to all content that the folder holds. As such, an entry for the Owner is added by default to the list of specific users and roles, and cannot be removed.

Example of adding a user and a role.Example of adding a user and a role.

Things to be aware of:

  • In terms of permissions, a user/role has Read/Write access when the Can Edit / Can Write option is enabled. If this option is disabled, they have Read access only.
  • To remove an existing user/role from having access to the folder, select the user/role in the Share For dialog, then click the  button.
  • If you want all users of the managed content server to have access to the folder add the Anyone entity, by clicking the Add button, then choosing the Add Anyone command from the menu.
In the Share For dialog, the Can Edit option defaults to enabled, giving users/roles Read/Write access when they are added.
When configuring sharing through the Explorer panel, users and roles that are newly added will not be finalized (saved) until clicking OK in both the Share For dialog AND the Add Folder/Edit Folder dialog.

Descendant Permissions

Permissions defined for a folder can be applied to sub-folders and the Items (and revisions) they contain, by enabling the Apply to Children option - in the Share For dialog.

This allows a specified user (or role) to be able to see all content under the folder being shared. Conversely, by having this option disabled, a user will only be able to see the root folder - the content in any sub-folders will be unavailable, unless explicitly shared.

Specifying who can Change Permission Settings for a Folder

When configuring folder-level sharing through the Explorer panel, the owner of the folder, or an administrator for the server, can specify the Sharing Control for that folder - who is allowed to change the permissions for that folder. This is performed from the Share For dialog, using the Permissions can be modified by field.

Specify sharing control for a folder.
Specify sharing control for a folder.

The following levels of control are supported:

  • Owner - only the owner of the folder can change the permissions. Editors cannot change access permissions.
  • Collaborators - editors have full control to manage access permissions for the folder.

Item-Level Sharing

Sharing a folder within a managed content server is one thing, but sharing the data within that folder is another altogether. For example, a folder may be in use by two teams, with content from one team not intended for general consumption, while the other team's data is public-facing. Certain data - more specifically the Items and revisions thereof - is therefore required to be hidden, while still allowing applicable users to see the remaining content. In support of this, a managed content server supports the ability to 'share' Items within server folders, offering a finer level of sharing when it comes to the actual data in a server.

Those with administrator-level privileges (members of the Administrators role) will be able to see and manage all Items. For a non-administrative user of the server, only those Items that have been shared - i.e. the user has permissions to access - will be accessible when the user signs in to that server. In addition, non-administrative users of the server can only share an Item they have created.

Sharing permissions for an Item can be set up at the time of creating the Item, or at any stage after its creation. Sharing controls are accessed through the Explorer panel, from the Item's associated properties dialog (right-click on Item and choose Properties from the menu), by clicking the  link, located below the Item ID field. The Share For dialog will open in which you can configure sharing as required.

Access the Share For dialog, with which to control how the Item is shared with others.
Access the Share For dialog, with which to control how the Item is shared with others.

Controls for working with permissions at the Item-level are much the same as for defining permissions at the folder level.

If an Item in a server folder is shared with a given user, but the folder itself is not, then the user will not be able to 'see' that Item when browsing the server's content.
If the same users/roles permitted to 'see' a folder are also required to 'see' the Items therein (and in each sub-folder as applicable), use the Apply to Children option - in the Share For dialog - when defining the permissions for that parent folder. In this way, permissions are inherited quickly at the Item (and Item Revision) level. Adjustments can always be made for specific Items (or revisions) at those lower levels. At the end of the day, full control over who sees what, and where, is facilitated.

Item Revision-Level Sharing

As with folders and Items, an Item Revision in a managed content server can also be shared with permitted users/roles. Item Revision-level sharing is only truly configurable through the Explorer panel. It is not fully supported using the server's browser interface. The difference is that through the Explorer panel, you can specifically share individual revisions, whereas the browser interface simply supports Item-level sharing, and if an Item is shared, all of its revisions are shared too.

Those with administrator-level privileges (members of the Administrators role) will be able to see and manage all Item Revisions. For a non-administrative user of the server, only those Item Revisions that have been shared – i.e. the user has permissions to access – will be accessible when the user signs in to that server. In addition, non-administrative users of the server can only share an Item Revision they have created.

Controls for working with permissions at the Item Revision-level are much the same as for defining permissions at the folder- or Item-level. sharing permissions for an Item Revision can be set up at the time of creating the parent Item, or at any stage after its creation. Sharing controls are accessed through the Explorer panel, from the Item's associated properties dialog (right-click on Item and choose Properties from the menu). Click the Advanced control to expand the dialog to see the Item's advanced properties, then click the  link, located below the Lifecycle Definition field. The Share For dialog will open in which you can configure sharing as required.

If accessing the Item Properties dialog for the top-level parent Item, clicking the Revision Sharing control will access the permissions dialog for the latest revision of that Item. To configure sharing permissions for a previously released revision of the Item, make sure to access the Item Properties dialog for that specific revision.

Access the Share For dialog, with which to control how the Item Revision is shared with others.
Access the Share For dialog, with which to control how the Item Revision is shared with others.

If the same users/roles permitted to 'see' an Item are also required to 'see' its Item Revisions, use the Apply to Children option - in the Share For dialog - when defining the permissions for that parent Item. In this way, permissions are inherited quickly at the Item Revision level. Adjustments can always be made for specific Item Revisions at those lower levels. At the end of the day, full control over who sees what, and where, is facilitated.

 

If you find an issue, select the text/image and pressCtrl + Enterto send us your feedback.
Content