3DEXPERIENCE CLOUD People & Organization. 2020x GA.
What are we really talking about? P&O refers to setting up specific information sets (users, organizations, ...) in order to grant or deny access to information stored in, or accessed from, the 3DEXPERIENCE platform. In the larger context where the access-granting principles have to be defined, we refer to the overall activity as Access Control.
[Audio] Some of the access control terminology to become familiar with, which we'll discuss in the next slides.
P&O Elements - Organization. An Organization object defines a group of persons belonging to the same operational entity. Note: the "member of" relationship has no influence on security rights; it is holding a security context on a given organization that grants access to data belonging to that organization. Three types of organization exist in the platform: Company, Business Unit and Department. Note: the chosen organization type has no influence on security rights. Organizations can be connected in a hierarchy. A context on a child organization such as "Depart. A" gives the same access rights as a similar context on its parent (e.g. "OEM"): in other words, a child organization is considered part of its parent organization, but not the reverse.
Organization Types:
- Company: a legal entity that has been incorporated either directly through legislation or through a registration process established by law. Example: Dassault Systèmes Canada Inc. is a company that is a subsidiary of Dassault Systèmes S.A.
- Business Unit: a logical element or segment of a company representing a specific business function and a definite place on the organizational chart, under the domain of a manager. Example: Dassault Systèmes Business Transformation is a business unit within DS.
- Department: a specialized functional area within an organization or a division. Example: Human Resources is a department.
P&O Concepts – Collaborative Space. Represents a planned enterprise activity; typically a major categorization of collaboration in a company where data needs to be secured or shared across organizations. (A collaborative space IS NOT a project.) Four types of collaborative space can be created, with Private, Protected, Public or Standard visibility, to manage content access.
[Audio] Note that these are the default settings and can be modified by configuration. The purpose of the Standard type of collaborative space is the following specific behavior: it must not be possible to insert, under a standard structure (for example a standard assembly), objects (for example 3D parts) that do not belong to a standard collaborative space. In Design collaborative spaces, it is possible to mix in the same structure data coming from different collaborative spaces.
P&O Concepts – Public Content. [Audio] On cloud, Public Reader is not available.
P&O Concepts – Baseline Roles. A role defines the activity of a user; one or more roles are assigned to each user. Seven roles exist in the baseline setup, which can be separated into two groups:
- Applicative roles (Public Reader, Reader, Contributor, Author, Leader): give users the authorization to visualize, modify, save and delete data. Applicative roles are dedicated to regular users. Authorizations are cumulative from Reader to Leader (i.e. Author automatically inherits Reader privileges).
- Administrative roles (Owner, Administrator): roles dedicated to IT users.
P&O Concepts – Baseline Roles. Default 3DSpace baseline roles:
- Reader: allows a user read access to both Public and Private content within a collaborative space he is given access to.
- Public Reader: allows a user read access to only Public content within a collaborative space.
- Author: allows a user write/modify access to any content he owns within a collaborative space he is given access to.
- Contributor: allows a user write/modify access to any content within a collaborative space he is given access to.
- Leader: allows a user write/modify access to any content, as well as Promote access to any change-controlled content, within a collaborative space he is given access to.
- Owner: the user (per collaborative space) who is responsible for the content.
Baseline Access Roles Privileges at a glance (access roles for Design tasks):
- Reader: reads any content of the collaborative spaces and organizations the user is assigned to. Creates and edits Personal category content (e.g. Favorites); this kind of content is only accessible to the person who owns it.
- Contributor: has all Reader privileges, plus creates and edits Evaluation category content (e.g. Review, Interference Simulation, Manufacturing Simulation, etc.).
- Author: has all Contributor privileges, plus creates and edits Definition category content (e.g. Requirement, Physical Product, System, Manufactured Assembly, etc.).
- Leader: has all Author privileges, plus creates and edits Design Resource category content (e.g. Project, Templates, etc.).
P&O Concepts – Security Context. Defines a user's working environment as one organization, one role and one collaborative space. A user can be assigned multiple security contexts, but only one is selected as the active context. This provides a "matrix" approach to security, e.g. a user can be an Author in one collaborative space and only a Reader in another.
P&O Concepts – Security Context. Selecting the active context: in the widget Preferences or at native app launch, select the active Organization, Collaborative Space and Role, then click OK.
P&O Concepts – Content Ownership. All data gets "stamped" with a user (name), a collaborative space and an organization upon creation, and access rights are based on this data ownership. The ownership of an object is defined by the combination of three properties: user, collaborative space and organization. That combination is called the Ownership Vector. It is initially set on creation from the creator's active context and name, and can be changed manually with the Transfer Ownership command.
New Access Roles with Restricted Read Access (1/7)
Regular access roles (UX label / internal name / description):
- Reader (Restricted) / 3DSRestrictedReader: gives the same access as the extended Reader, except that it is restricted to content of the collaborative space and organization the user is a member of (i).
- Contributor (Restricted) / 3DSRestrictedContributor: inherits all Reader (Restricted) access rights; gives the same create and modification rights as Contributor, except (i).
- Author (Restricted) / 3DSRestrictedAuthor: inherits all Contributor (Restricted) access rights; gives the same create and modification rights as Author, except (i).
- Leader (Restricted) / 3DSRestrictedLeader: inherits all Author (Restricted) access rights; gives the same create and modification rights as Leader, except (i).
Administrative access role:
- Owner (Restricted) / 3DSRestrictedOwner: gives the same access rights as Owner, except that he can only invite people to the collaborative space and organization he is a member of as Owner (Restricted), and cannot modify the visibility (Private, Protected, Public) of the collaborative space.
(i) Restricted to content of the collaborative space and organization the user is a member of.
UX - Configure Access Roles availability (5/7)
[Screenshot: 3DDashboard > Platform Management > Collaborative Spaces Control > Manage Collaborative Spaces > Define Member Permissions, showing the "New users deployment" options (give access to all new users to the Common Space; enable all new users to create a collaborative space), the "Role availability" options (Reader, Public reader, Restricted roles, Associate Leader and Owner) and the "Manage visibility" option (Owner access role allowed to manage the collaborative space visibility).]
- Update for "Public reader": it is now highlighted as "Not recommended"; use Reader (Restricted) instead.
- "Restricted" access roles can be enabled in the "Role availability" section. Default is disabled.
- Leader and Owner / Restricted Leader and Restricted Owner can work separately.
- Available access roles are enabled through the dedicated options in the "Role availability" section. If enabled, they become available when adding people or user groups as members of a collaborative space.
UX - Add people as member of Collaborative Spaces (6/7)
Advanced command: a new option is available to invite people with either a) restricted access to the collaborative space and organization, or b) extended access.
[Screenshot: "Add member(s) to: Excavator 123" dialog with an "Enable restricted" option and the roles Reader (Restricted), Contributor (Restricted), Author (Restricted), Leader (Restricted) and Owner (Restricted); the member list shows Excavator Corp / Engineering as Leader, Supplier1 as Owner (Restricted) and Author (Restricted), and Supplier2 as Leader (Restricted).]
[Diagram: organization "Company Name"; user group "Body Designers" with "Read" access.]
In Summary. Users from the different departments under Company Name will be able to read all the data in the Engineering collaborative space. Users belonging to a department, for example Electrical, will only be able to modify data owned by that department. Users belonging to a supplier department, for example Body, will only be able to read and modify data belonging to their own department; this is enabled through "restricted access" to the collaborative space. Additional access to data in the Engineering collaborative space can be granted either through a Transfer Ownership of the data or through the Access Rights command on the data (secondary ownership vector), see the next section.
Setting it up – Platform Administrator. As Administrator:
- Create user groups using the Dashboard widget "User Groups".
- Create one group per department.
- Add members to the user groups.
P&O Concepts – Multiple Ownership. Data can require multiple ownerships; for example, a Part may need to have both the host company and a supplier as owners. Data always has a Primary Ownership, as described under Content Ownership. Users can add or remove additional Secondary Ownership on data. A complete ownership definition includes the following:
- Organization: represents an organization.
- Collaborative space: represents a categorization of collaboration in a company.
- Comment: a short string used primarily for annotation.
- Access: a comma-separated list of permissions: 'Read', 'Modify', 'Promote', etc.
The first three fields (organization, collaborative space and comment) together provide a unique identifier for the ownership entry. Different accesses can be specified for each secondary owner (Read, Modify, Promote, Full).
P&O Concepts – Multiple Ownership. Maintaining security manually on every data object can be problematic and impractical. It is however possible to set an object to inherit the ownership list from another object: instead of identifying ownership by an organization and collaborative space, it is possible to give an object ID, which implies ownership inheritance from the specified object.
- Object ID (or type|name|revision): identifies the object to reference.
- Comment: a short string used primarily for annotation.
- Access: a comma-separated list of security tokens: 'Read', 'Modify', 'Promote', etc.
The access rule engine updates the object's ownership list dynamically to include the 'parent' ownership, so changing the ownership of a referenced object impacts the access of all inheriting objects. Ownership inheritance is restricted to one level: if A inherits from B and B inherits from C, A does not also inherit from C.
P&O Concepts – Inherited Ownership. Folder inherited permissions: create a folder with "Inherit Access" = Yes and add a Part to the folder. Notice the inherited access under "Multiple Ownership Access" for the Part.
[Audio] Explain the configuration options. In 2018x these options are found within the Collaborative Spaces Control application. New SOV (secondary ownership vector) configuration: who can edit the SOV settings in the GUI.
Read Access Configurations. [Audio] Need to clarify.
Read Access. Allow read-access to any public content (owned by the user's organization credentials). Determines whether the user gets read access to public data owned by the same organization as one of their credentials (active or passive), even if that data is in a collaborative space for which the user has no credentials. The user also gets read access if the data is owned by any parent organization of that credential's organization.
Allow users read-access to any content in any other collaborative space. When checked, users have read access to data owned by the collaborative spaces for which they hold passive security contexts. If unchecked, passive contexts are ignored and the user must log in with the exact collaborative space that owns the data to have read access. Note: if this rule and the previous rule are both unchecked, the user has to log in with a context of the same organization and collaborative space as the data in order to have read access.
Modify Access. Allow write-access only to the Author who is responsible for the content. By default, all users with the Author role have modify access if their active security context matches the organization and collaborative space that owns the data. If this is unchecked, users with the Author role can only modify data for which they are also the owner (responsible).
Modify Access. Allow write-access only to the Contributor who is responsible for the content. By default, all users with the Contributor role have modify access if their active security context matches the organization and collaborative space that owns the data. If this is unchecked, users with the Contributor role can only modify data for which they are also the owner (responsible).
Modify Access. Reserve content before modification. If this option is activated, the user cannot save any modification to a Reference or Instance of a 3D object unless that Reference or Instance is locked. When activated, all References and Instances are locked automatically upon creation.
Modify Access. Allow Contributor to insert content into released design structures. If activated, a user connected as Contributor is able to insert review/simulation objects under "Released" content of the current collaborative space.
Modify Access. Only users that belong to the organization that owns the content can modify that content. If activated, the user cannot save modifications made to objects owned by an organization other than the current one, even when they belong to the same collaborative space. This enforces the baseline rule that a user's active security context must match the organization ownership of the data in order to modify it.
Modify Access. Allow users to modify content in any collaborative space they have access to. A user connected in one collaborative space is able to save modifications made to data belonging to other collaborative spaces, provided that: the "Extend write-access to content from all user contexts" server option has been activated, and the user has been granted the Author or Leader role in the corresponding other collaborative space.
Modify Access. Allow usage of private content from any collaborative space users have access to. If activated, the user can insert private content from other collaborative spaces into the current login context, provided the "Read Access - Access private context from all user contexts" server option has been activated beforehand.
Ownership Access. Restrict content ownership transfer to the Owner of the collaborative space. When this rule is deactivated (the default), the person responsible for the content can transfer ownership. When it is activated, only a person with the Owner access level for the collaborative space can transfer ownership.
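The slides on security contexts, content ownership, multiple ownership and the access-rule switches describe a decision procedure without showing one. The following is an added example written for this page, not Dassault Systèmes code: a small Python model of how a credential (role, organization, collaborative space), the ownership vector stamped on content, cumulative roles, the organization hierarchy, secondary ownership entries and the Read/Modify access options combine into a read or modify decision. The class names, the rule names, the OEM/Engineering/Body/Electrical organization tree and the order in which the checks are applied are assumptions made here.

```python
"""Toy model of the 3DSpace access computation described on this page.
Added example, not Dassault Systemes code: class names, rule names, the
organization tree and the order of the checks are assumptions made here."""
from dataclasses import dataclass, field

# Applicative roles are cumulative: each rank inherits the lower ones.
ROLE_RANK = {"Reader": 1, "Contributor": 2, "Author": 3, "Leader": 4}
# Constructed organization hierarchy (child -> parent), after the slides' example.
ORG_PARENT = {"OEM": None, "Engineering": "OEM",
              "Body": "Engineering", "Electrical": "Engineering"}

def org_lineage(org):
    """The organization plus all its ancestors: a context on a child
    organization counts as a context on each parent, never the reverse."""
    chain = []
    while org is not None:
        chain.append(org)
        org = ORG_PARENT[org]
    return chain

@dataclass(frozen=True)
class Credential:
    """One security context: access role, organization, collaborative space."""
    role: str
    org: str
    space: str
    restricted: bool = False  # "(Restricted)" roles: organization must match too

@dataclass(frozen=True)
class Ownership:
    """Primary ownership vector, stamped from the creator's active context."""
    responsible: str
    org: str
    space: str

@dataclass
class Content:
    name: str
    owner: Ownership
    public: bool = False
    # Secondary ownership entries: (organization, collaborative space, access tokens).
    secondary: list = field(default_factory=list)

@dataclass(frozen=True)
class AccessRules:
    """Switches modelled on the Read Access / Modify Access options above."""
    read_public_content_of_own_org: bool = True
    read_from_passive_contexts: bool = True
    modify_requires_owning_org: bool = True
    # Roles whose "allow write-access only to the ... responsible" box is unchecked.
    roles_limited_to_own_content: frozenset = frozenset()

def vector_match(cred, owner):
    """Same collaborative space; a restricted role also needs the content's
    organization to lie in the credential's organization lineage."""
    if cred.space != owner.space:
        return False
    return (not cred.restricted) or owner.org in org_lineage(cred.org)

def secondary_grant(cred, content, token):
    """True if a secondary owner matching this credential carries the token."""
    return any(token in access and cred.space == space and org in org_lineage(cred.org)
               for org, space, access in content.secondary)

def can_read(active, passive, content, rules):
    contexts = [active] + (list(passive) if rules.read_from_passive_contexts else [])
    for cred in contexts:
        if ROLE_RANK[cred.role] >= ROLE_RANK["Reader"] and vector_match(cred, content.owner):
            return True
        if secondary_grant(cred, content, "Read"):
            return True
    # Public content is readable from any space by a user whose organization owns it.
    if rules.read_public_content_of_own_org and content.public:
        return any(content.owner.org in org_lineage(c.org) for c in [active, *passive])
    return False

def can_modify(user, active, content, rules):
    """Modification is decided on the ACTIVE context only."""
    if ROLE_RANK[active.role] < ROLE_RANK["Contributor"]:
        return False
    if secondary_grant(active, content, "Modify"):
        return True
    if not vector_match(active, content.owner):
        return False
    if rules.modify_requires_owning_org and content.owner.org not in org_lineage(active.org):
        return False
    if active.role in rules.roles_limited_to_own_content:
        return content.owner.responsible == user
    return True

def demo():
    """Constructed scenario from the summary slide: two departments, one space."""
    rules = AccessRules()
    door = Content("Door panel", Ownership("alice", "Body", "Engineering"))
    bob = Credential("Author", "Electrical", "Engineering")
    out = {"bob_reads_body_part": can_read(bob, [], door, rules),      # True
           "bob_edits_body_part": can_modify("bob", bob, door, rules)}  # False
    door.secondary.append(("Electrical", "Engineering", {"Read", "Modify"}))
    out["bob_edits_after_secondary_grant"] = can_modify("bob", bob, door, rules)  # True
    return out
```

The demo reproduces the summary slide: an Author from Electrical reads a Body-owned part in the shared Engineering space but cannot modify it until Electrical is added as a secondary owner with the Modify token. Flipping the switches on AccessRules shows the effect of each option: disabling read_from_passive_contexts hides data owned by a space the user is not logged into, disabling read_public_content_of_own_org removes the cross-space public read, and listing "Author" in roles_limited_to_own_content reduces Authors to editing only content they are responsible for. A credential created with restricted=True behaves like the "(Restricted)" roles, and the org_lineage walk is what makes a context on a department count for data owned by its parent organization.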
Content Behavior Configuration (1/3). It is recommended to start with the default access rules setup, then experiment and adapt.
“Access Rules” – Read Operations: Default Configuration.
“Access Rules” – Modify Operations: Default Configuration.
HOW To: [Screenshot: 3DEXPERIENCE | ENOVIA Collaboration and Approvals > Companies, showing company "Company Name" with company type Host.]
HOW To: [Screenshot: Company Name > Departments tab (alongside Business Skills, Work Calendars, Business Units, Plants, People, Currency Exchange Rates), listing the departments Body, Closures and Electrical, each of type Department; owner Corporate, modified 2020 Feb 5.]
HOW To: [Screenshot: My Collaborative Spaces, showing Project Falcon, CSP | Body (3 members), CSP | Electrical (Author, 2 members), Admin Space, My Project, DEMO, Engineering Design and Sandbox.]
P&O Concepts - Organization. Defines a group of persons belonging to the same operational entity. Confidential data of an organization can easily be hidden from other organizations. Three types of organization exist in ENOVIA: Company, Business Unit and Department. Organizations can be created in a hierarchy, and organizations contained within a hierarchy provide access by inheritance.
[Audio] Source: Wikipedia.
WHO:
- Person: an individual invited to the 3DEXPERIENCE platform.
- User Group: a group of people based on common activities, skills or centers of interest.
WHAT:
- Content: items produced by people.
WHERE:
- Collaborative Space: a secure, partitioned storage compartment. It provides an area where people with different job functions can collaborate to produce and deliver content; a given piece of content belongs to one and only one collaborative space and organization. Your company can create as many collaborative spaces as needed for its business purposes, and you can be added as a member of any collaborative space and organization, regardless of the company you are an employee of. The 3DSpace service is the dedicated service for content such as Projects, Bookmarks, Engineering Design, Engineering Simulation and Engineering Manufacturing.
- Content ownership: made up of a triplet [collaborative space, organization, responsible]. For instance, you can move content from one collaborative space to another.
WHY:
- Access Role: defines your regular access privileges to content belonging to a collaborative space and an organization. For instance, you may be assigned as Administrator of the whole platform, Leader for a specific collaborative space and organization, and Reader for another collaborative space and organization.
- Credentials: made up of a triplet [Access Role, Organization, Collaborative Space]. A user's assigned credentials determine their regular access to content within the 3DSpace service. When you log in to the platform, you are prompted to select a credential that defines in which collaborative space, and on behalf of which organization, content will be created.
- Sharing content: you can also selectively share content with other user groups with a specific access (e.g. "Can Edit"). However, the content still belongs to its collaborative space and organization.
HOW:
- Access Rule: specifies which operations (e.g. Read, Create, Edit) can be performed on content, based on the user's credentials and the content ownership.
- Security Engine: a software component that computes access to content based on the user's credentials and the content ownership. It relies on optimized security indexation for improved performance and seamless integration with other services, such as 3DSearch.
Organization concept:
- Legal Structure: entities that account for themselves to the public through statutory and external reporting. 3DSpace organization type example: Company.
- Management Structure: can include divisions, subdivisions, lines of business, strategic business units, profit and cost centers. 3DSpace organization type example: Business Unit.
- Functional Structure: a functional organization structured around people and their competencies. 3DSpace organization type example: Department.
[Diagram: example hierarchy with "Has Parent" links: OEM (Company) with Engineering, Finance and IT departments; Lighting AG (Supplier) with an Engineering department; Seat co. (Supplier) with an Engineering department.]
Best Practices Value proposition. Recommended Set Up.