Database User Privileges


ATS CM4D has the option to control which Databases users can access and what each user is allowed to do within those Databases. Consider the following situations. A user starts CM4D and wants to connect to a new Database or use the Feature Editor to add a new feature to an existing Database. A second user opens CM4D Web in a browser window and wants to view reports. A third user wants to use DataSmith to output data to a DataSource.

How can you control whether or not each one of these users can or should accomplish these tasks?

Using the Site Manager application, an administrator can define Groups for different user types (or levels), and then assign Access Privileges and Data Privileges for each group. Access Privileges determine whether or not a user is allowed to connect to, use, or make changes to a specific Database. Data Privileges determine if a user is allowed to perform specific tasks, such as editing documents or outputting data to a Database. Users become members of one or more groups, and thereby gain the access and privileges assigned to the group.

· A group's privileges apply only to the Database(s) to which that group has been given Access

· User Privileges for a given Database are an accumulation of the privileges of all groups to which the user is assigned

· Not all users will need to be able to make changes to Databases and documents

Access Privileges

Each group must be assigned to the Site(s) and/or Database(s) to which its users will need access.

Site Access

The Site Access level grants all users in the Group access to information that is stored within the Site Database.

For example, if a group has been given access to a Site but has not been given access to a DataSource within it, the users in that group will still be able to view any Managed Documents that connect to that DataSource but will not be able to load any data from that Database.

DataSource Access

The DataSource Access level allows the users in the group to access the selected managed Database. Granting access to a DataSource automatically grants access to the Site that is managing that DataSource.

Routine Access

In most cases, the first Routine Access option ‘Any Routine’ will be used for all selected Databases, granting access to all Routines (part data) within that Database.

Although very uncommon, additional control at the Routine level may be added by implementing Routine Access Codes. See here for more information on Access Codes.

Data Privileges

Each group must be assigned the privileges that will be granted to the users of that Group. The available privileges are listed below (in alphabetical order).

A user can see what privileges they have been assigned by checking the Session Properties dialogs in CM4D, DataSmith, or DataUtility.

Analyst

Allows a user to open and view managed and unmanaged CM4D documents, but they cannot create or modify any CM4D documents.

This option is very restrictive and can sometimes interfere with some of the higher-level privileges, so it should not be assigned to users with privileges such as Developer, Document Manager, Data Manager, etc.

API

Allows a user to use external scripting to automate certain functions of CM4D through Visual Basic. Access to the API via external scripts requires a special ATS CM4D License. Internal Scripts are controlled by the various Script privileges described below.

Batch Manager

Allows a user to run the DataSmithBatch Manager application to create and modify Batch Jobs.

This privilege does not allow a user to run the DataSmithBatch Service, so if you would like a specific user to run Batch Manager and the Batch Service, then both the Batch User and the Batch Manager privileges must be assigned.

Batch User

Allows a user to run the DataSmith Batch service and/or Batch Jobs. Users with this privilege must also be assigned the appropriate Data Manager privileges in order to add new data or make changes to existing data in the database. The most common privileges given to Batch users are ‘Create Sample’ and/or ‘Modify Sample’. See the Data Manager section below for more information.

Change Log Manager

Allows a user to delete Process Change Log entries, modify any user comments, and turn logging on and off for a session of CM4D.

The ‘Disable Change Log’ child privilege allows the user to turn the Process Change Log function on or off during a session of CM4D.

Data Archiver

Allows a user to run the DataArchiver application. Few users should be assigned the Data Archiver privilege, as the application allows for removing data from the Database.

A user with the Data Archiver privilege must also have the Data Manager ‘Delete Samples’ and ‘Delete Actuals’ privileges (the parent Data Manager privilege is not necessary).

Data Manager

Allows a user to make changes to the data stored in the Database.

For example, a user with the parent Data Manager privilege can use DataSmith to output data to DataSources, CM4D's feature editor to make changes to DataSources, or DataUtility to make changes to DataSources. Having all of the child Data Manager privileges is not equivalent to having the parent Data Manager privilege.

The Data Manager privilege has a parent level that grants all data modification privileges, and then child privilege levels under the parent privilege. These child privileges grant users a specific subset of the parent Data Manager abilities.

Child Data Manager Privileges

There are separate child privilege options to grant a user Create, Modify, or Delete privileges on specific types of data. For example, if a user had the privilege ‘Create Samples’, they could create new Samples and Actual values. The Create Samples privilege implies the Create Actuals privilege. If a user had only the Create Actuals privilege they would only be able to create Actuals. In order to modify existing samples, a user would have to have the 'Modify Samples' privilege.

DataSmithBatch Job User Requirement

The Data Manager privilege is a requirement for DataSmithBatch job users, but the parent Data Manager privilege is not always needed in order for a user to process a Batch Job.

In most cases, Batch Job users are assigned the child privileges ‘Create Sample’ and/or ‘Modify Sample’. However, keep in mind that if your Batch job will be doing more than processing new Samples into the Database, additional Data Manager child privileges may need to be assigned accordingly.

Assign or Remove Causes Requirement

To assign or remove Causes in CM4D, a user must have the ‘Modify Actual’ child privilege. When a Cause is assigned to data, the reference to that Cause is saved on the Actual. Causes are stored in the database as a separate entity, and the Cause-specific child privileges are only used for those Cause entities.

Developer

Allows a user to create and make changes to unmanaged CM4D documents. The user can also open Managed Documents, but cannot make changes to them.

Document Manager

Allows a user to create or modify Managed Documents, create or modify unmanaged CM4D documents, and perform the Managed Report Administration functionality in CM4D Web.

Event Administrator

Allows a user to subscribe to EventSmith Alarm notifications on behalf of other users. Must also have the Event Manager privilege.

Event Manager

Allows a user to subscribe to EventSmith Alarms notifications in CM4D Web on behalf of other users. Must also have the Event Administrator privilege.

Filter Manager

Allows a user to create and modify Database Filters using DataUtility. If a user has the parent privilege, Filter Manager, all six child privileges are implied by default (even when the six are not checked).

If a user has only a child Definition privilege, the child Element privilege is included. If the child Element is the only privilege selected, the user will not automatically have the child Definition privilege.

Scheduler Manager

Allows a user to create and modify Scheduler Jobs within the Scheduler Manager application, as well as view Scheduled jobs for all users.

Having the Scheduler Manager privilege does not automatically grant the user Scheduler User privileges. In order to run jobs, a user must have the Scheduler User privilege in addition to the Scheduler Manager privilege.

Scheduler User

Allows a user to run the Scheduler and Launcher Services and/or Scheduler Jobs. A Scheduler User can then be used to run jobs without being granted the Scheduler Manager privilege.

If a Scheduler User does not also have the Scheduler Manager privilege, they will only be able to view (but not edit) their own scheduled and processing jobs in the Scheduler Manager application.

Script Administrator

Allows a user to configure which .Net Assemblies (global or private) are available for use with internal scripting in CM4D via the Script Config dialog.

Script Executor Group

Allows a user to run any scripts created for the group(s) that the user belongs to.

Script Executor Public

Allows a user to run any scripts created for Public use.

Script Executor User

Allows a user to run any scripts a user has created themselves.

Script Manager Group

Allows a user to create, modify, or remove scripts for all users that belong to the group selected in the script.

Script Manager Public

Allows a user to create, modify, or remove scripts that are available to all users in the Site.

Script Manager User

Allows a user to create, modify, or remove their own scripts.

Site Database Admin

Allows a user to run the SiteManager application to create Sites, DataSources, Users, Groups, and assign access and privileges to those groups.

If the Enterprise Email Configuration is set up, users with this privilege and a valid email address will also receive CM4D Web User Registration notifications.

Workcell Data Manager

Allows a user to commit data to the Database using CM4D Workcell. A user with the Workcell Data Manager privilege will not be able to load data into a Database using any other applications (such as DataSmith), unless they also have the Data Manager privilege.

The Workcell Data Manager privilege can be assigned to a user without any other privileges if the user will only be running CM4D Workcell.
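
The accumulation, implication and prerequisite rules described above can be checked mechanically when reviewing a group design for least privilege. The following is an added example, not ATS code: the group, user and DataSource names and the data layout are constructed for illustration, since this page does not describe a Site Manager export format. It computes each user's effective privileges per DataSource and flags the combinations this page warns about.

```python
from collections import defaultdict

# Constructed sample data; the layout is an assumption, not a Site Manager format.
GROUPS = {
    "Viewers":   {"datasources": {"PlantA", "PlantB"}, "privileges": {"Analyst"}},
    "Loaders":   {"datasources": {"PlantA"},
                  "privileges": {"Batch User", "Create Samples"}},
    "Archivers": {"datasources": {"PlantB"},
                  "privileges": {"Data Archiver", "Delete Samples"}},
    "Authors":   {"datasources": {"PlantB"}, "privileges": {"Developer"}},
}
MEMBERSHIP = {"alice": ["Viewers", "Loaders"],
              "bob": ["Viewers", "Archivers", "Authors"]}

# Rules taken from the privilege descriptions on this page.
IMPLIES = {  # already transitively closed, so one pass is enough
    "Create Samples": {"Create Actuals"},
    # The parent grants all data modification; only children used below are listed.
    "Data Manager": {"Create Samples", "Create Actuals",
                     "Delete Samples", "Delete Actuals"},
}
REQUIRES = {
    "Data Archiver": {"Delete Samples", "Delete Actuals"},
    "Event Administrator": {"Event Manager"},
    "Event Manager": {"Event Administrator"},
}
ANALYST_CONFLICTS = {"Developer", "Document Manager", "Data Manager"}

def effective(user):
    """Union of the user's group privileges, counted per DataSource and only
    on the DataSources that the granting group itself can access."""
    eff = defaultdict(set)
    for group in MEMBERSHIP[user]:
        for ds in GROUPS[group]["datasources"]:
            eff[ds] |= GROUPS[group]["privileges"]
    for privs in eff.values():
        for p in list(privs):
            privs |= IMPLIES.get(p, set())
    return dict(eff)

def audit(user):
    """Return (datasource, finding) pairs for conflicts and missing prerequisites."""
    findings = []
    for ds, privs in sorted(effective(user).items()):
        clash = privs & ANALYST_CONFLICTS
        if "Analyst" in privs and clash:
            findings.append((ds, "Analyst combined with " + ", ".join(sorted(clash))))
        for priv, needed in REQUIRES.items():
            if priv in privs and needed - privs:
                findings.append((ds, f"{priv} lacks " + ", ".join(sorted(needed - privs))))
    return findings
```

In the sample data, alice holds Create Samples only on PlantA even though she can view PlantB, because the group granting that privilege has no access to PlantB.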

Group Privilege Examples