Controlling Access to Workspace Content in Altium Designer

 

Parent page: Server Items

A managed content server provides secure handling of data with high integrity, while providing both Design Team and Supply Chain access to that data as needed. This latter aspect, of whom can access a server, and more importantly what data they are allowed to access, is facilitated by the server's user access control and sharing capabilities. These can be broken down into the following key areas:

This document takes a look at the sharing capabilities of a managed content server from within Altium Designer. For sharing capabilities through the server's browser interface, see Managing Content Structure & Access (Altium 365 Workspace), or Managing Content Structure & Access (self-managed Altium Concord Pro).

This document takes a look at the sharing capabilities of a managed content server from within Altium NEXUS. For sharing capabilities through the server's browser interface, see Browsing Content from a Web Browser.

Folder-Level Sharing

A managed content server supports the ability to 'share' server folders - facilitating connection to, and access of, server content of a particular nature. By sharing folders, design content in a server can be easily partitioned and shared with others.

A folder in a server can be shared on a number of different levels, in effect defining both the level of visibility of that folder, and the level of security for access to it. This can range from being strictly private access by specified individuals or roles, through to levels for allowing anyone in the same organization to view or change content respectively.

Those with administrator-level privileges (members of the Administrators role) will be able to see and manage all folders. For a non-administrative user of the server, only those folders that have been shared - i.e. the user has permissions to access - will be accessible when the user signs in to that server. In addition, non-administrative users of the server can only share a folder that they have created.

Accessing Folder Sharing Controls

Sharing permissions for a folder can be set up at the time of adding the folder, or at any stage after its creation. Sharing controls are accessed through the Explorer panel, from the folder's associated properties dialog (right-click on folder and choose Properties from the menu), by clicking the Share link at the bottom-left of the dialog. The Share For dialog will open in which you can configure sharing as required.

Accessing the controls for sharing a server folder.Accessing the controls for sharing a server folder.

A great benefit of configuring permissions through the server's browser interface is that an account admin isn't tied to a PC on which Altium Designer is installed, and a connection to the server is made. They can effect a change in the server's folder sharing permissions from anywhere they can get an internet connection.

Sharing with Specific Users and Roles

Use the Share For dialog to determine exactly who is allowed to access and 'see' that folder. Use the Add User and/or Add Role controls to access dialogs with which to add users and/or roles respectively - ultimately creating a specific access list for sharing folder content.

The owner of the folder (the user who created the folder) will always have full access to all content that the folder holds. As such, an entry for the Owner is added by default to the list of specific users and roles, and cannot be removed.

Example of adding a user and a role.Example of adding a user and a role.

Things to be aware of:

  • In terms of permissions, a user/role has Read/Write access when the Can Edit option is enabled. If this option is disabled, they have Read access only.
  • To remove an existing user/role from having access to the folder, select the user/role in the Share For dialog, then click the  button.
  • If you want all users of the managed content server to have access to the folder add the Anyone entity, by clicking the Add button, then choosing the Add Anyone command from the menu.
In the Share For dialog, the Can Edit option defaults to enabled, giving users/roles Read/Write access when they are added.
When configuring sharing through the Explorer panel, users and roles that are newly added will not be finalized (saved) until clicking OK in both the Share For dialog AND the Add Folder/Edit Folder dialog.

Descendant Permissions

Permissions defined for a folder can be applied to sub-folders and the Items (and revisions) they contain, by enabling the Apply to Children option - in the Share For dialog.

This allows a specified user (or role) to be able to see all content under the folder being shared. Conversely, by having this option disabled, a user will only be able to see the root folder - the content in any sub-folders will be unavailable, unless explicitly shared.

Specifying who can Change Permission Settings for a Folder

When configuring folder-level sharing through the Explorer panel, the owner of the folder, or an administrator for the server, can specify the Sharing Control for that folder - who is allowed to change the permissions for that folder. This is performed from the Share For dialog, using the Permissions can be modified by field.

Specify sharing control for a folder.
Specify sharing control for a folder.

The following levels of control are supported:

  • Owner - only the owner of the folder can change the permissions. Editors cannot change access permissions.
  • Collaborators - editors have full control to manage access permissions for the folder.

Item-Level Sharing

Sharing a folder within a managed content server is one thing, but sharing the data within that folder is another altogether. For example, a folder may be in use by two teams, with content from one team not intended for general consumption, while the other team's data is public-facing. Certain data - more specifically the Items and revisions thereof - is therefore required to be hidden, while still allowing applicable users to see the remaining content. In support of this, a managed content server supports the ability to share Items within server folders, offering a finer level of sharing when it comes to the actual data in a server.

Those with administrator-level privileges (members of the Administrators role) will be able to see and manage all Items. For a non-administrative user of the server, only those Items that have been shared - i.e. the user has permissions to access - will be accessible when the user signs in to that server. In addition, non-administrative users of the server can only share an Item that they have created.

Sharing permissions for an Item can be set up at the time of creating the Item, or at any stage after its creation. Sharing controls are accessed through the Explorer panel, from the Item's associated properties dialog (right-click on Item and choose Properties from the menu), by clicking the  link, located below the Item ID field. The Share For dialog will open in which you can configure sharing as required.

Access the Share For dialog, with which to control how the Item is shared with others.
Access the Share For dialog, with which to control how the Item is shared with others.

Controls for working with permissions at the Item-level are much the same as for defining permissions at the folder level.

If an Item in a server folder is shared with a given user, but the folder itself is not, then the user will not be able to 'see' that Item when browsing the server's content.
If the same users/roles permitted to 'see' a folder are also required to 'see' the Items therein (and in each sub-folder as applicable), use the Apply to Children option - in the Share For dialog - when defining the permissions for that parent folder. In this way, permissions are inherited quickly at the Item (and Item Revision) level. Adjustments can always be made for specific Items (or revisions) at those lower levels. At the end of the day, full control over who sees what, and where, is facilitated.

Item Revision-Level Sharing

As with folders and Items, an Item Revision in a managed content server can also be shared with permitted users/roles. Item Revision-level sharing is only truly configurable through the Explorer panel. It is not fully supported using the server's browser interface. The difference is that through the Explorer panel, you can specifically share individual revisions, whereas the browser interface simply supports Item-level sharing, and if an Item is shared, all of its revisions are shared too.

Those with administrator-level privileges (members of the Administrators role) will be able to see and manage all Item Revisions. For a non-administrative user of the server, only those Item Revisions that have been shared – i.e. the user has permissions to access – will be accessible when the user signs in to that server. In addition, non-administrative users of the server can only share an Item Revision that they have created.

Controls for working with permissions at the Item Revision-level are much the same as for defining permissions at the folder- or Item-level. Sharing permissions for an Item Revision can be set up at the time of creating the parent Item, or at any stage after its creation. Sharing controls are accessed through the Explorer panel, from the Item's associated properties dialog (right-click on Item and choose Properties from the menu). Click the Advanced control to expand the dialog to see the Item's advanced properties, then click the  link, located below the Lifecycle Definition field. The Share For dialog will open in which you can configure sharing as required.

If accessing the Item Properties dialog for the top-level parent Item, clicking the Revision Sharing control will access the permissions dialog for the latest revision of that Item. To configure sharing permissions for a previously released revision of the Item, make sure to access the Item Properties dialog for that specific revision.

Access the Share For dialog, with which to control how the Item Revision is shared with others.
Access the Share For dialog, with which to control how the Item Revision is shared with others.

If the same users/roles permitted to 'see' an Item are also required to 'see' its Item Revisions, use the Apply to Children option - in the Share For dialog - when defining the permissions for that parent Item. In this way, permissions are inherited quickly at the Item Revision level. Adjustments can always be made for specific Item Revisions at those lower levels. At the end of the day, full control over who sees what, and where, is facilitated.

Global Sharing of Design Data with Altium 365

Related page: Global Sharing

One of the most powerful aspects of the Altium 365 infrastructure platform is its support for collaboration on a global scale. At the heart of this is the platform's support for Global Sharing. With Altium 365, you can effortlessly share your current design progress with management, or purchasing, or a potential manufacturer, in a way that is also easy for them - simplified, interactive collaboration, from any device.

Data can be shared with anyone, anywhere in the world. What you share, and with whom, is down to you, and could include:

  • Sharing your electronic designs and CAM manufacturing data through your Web Browser using the free, web-based Altium 365 Viewer. This level of sharing supports viewing of designs only - no commenting.
  • Sharing live (WIP) designs with people outside of your Workspace team - for viewing and commenting only - without the need to invite them into that team. This allows invited stakeholders to view a live, work-in-progress design project, without gaining access to your full server of design data.
  • Sharing 'snapshots' of your designs - uploaded to the Altium 365 Platform - with anyone on a permanent basis. This level of sharing supports viewing and commenting of the shared snapshot, but keep in mind it is just that - a static snapshot of the design at a particular point in time, and not the live (WIP) design.
  • Sharing design data with members of your Workspace team. Share projects, folders and items as required. With projects for example, you might share read-only access to garner comment and feedback. Or perhaps grant read/write access to allow full, global collaboration by a geographically dispersed team (with editing performed through Altium Designer).
  • Sharing of release data with your manufacturer through a defined Manufacturing Package, which they can then peruse through the Altium 365 platform's dedicated Manufacturing Package Viewer - without them having access to your Workspace and therefore keeping your design data out of sight. They can then download the Build Package with which to get your board fabricated and assembled.
Sharing of a design project - be it a temporary link, a snapshot, or the live design itself - can be performed directly from within Altium Designer. For more information see Sharing a Design from within Altium Designer.

 

If you find an issue, select the text/image and pressCtrl + Enterto send us your feedback.
참고

Altium 제품에 접근할 수 있는 레벨에 따라 사용할 수 있는 기능이 달라집니다. 다양한 레벨의 Altium Designer Software Subscription에 포함된 기능과 Altium 365 플랫폼에서 제공하는 애플리케이션을 통해 제공되는 기능을 비교해보세요.

소프트웨어에서 논의된 기능을 찾을 수 없는 경우, Altium 영업팀에 문의하여 자세한 정보를 확인해주세요.

콘텐츠