Access to Once a library is created, the access rights to it can be set. This is administered via Manage Libraries.
- Access Right Options
- Inherit Access Rights From Parent Library
- Applying Inherited Access to Sub-libraries
- Adding Access Rights for a User
- Adding Access Rights for a Group
- Changing Access Rights
- Removing Access Rights
- Revert Changes
- You must have "Change" rights to the library in order to make changes to access rights.
The access control list is displayed in the Access Rights section, as shown above, and lists the user groups and individual users who have access to the items in the selected library as well as what type of access they have.
Group entries do not display a Name value.
An icon indicates that you are included as user or member of the group.
To begin with, a library always has an owner and the owner is displayed in the Properties section at the top:
It can be changed by a user who has Change rights by clicking on the Change button and selecting the new owner.
Access Right Options
The following access rights to libraries are available:
Access to read items (e.g., description, parts and other item properties) in the library, including sub-libraries that are inheriting from the library.
Note: For read constraints to be effective, the security level of the server must be set accordingly on the Security tab by an Architect in swAdmin2.
Users can change the name and description of the library, create sub-libraries, and add or move items or sub-libraries to the library.
|Note: Write access alone does not provide the right to modify items in the library. To be able to both add and edit items in a library, a user needs both Write and Items Write access rights to the library. This applies regardless if the user is the owner of the library or of the item.|
Users can change user/group access rights to the library and move the library to another location in the library structure. Moving an item to a new library requires Items Change rights for the original library and Write rights to the destination library. However, if the user does not have Item Change rights to the destination library, the user will lose Change rights, and will not be able to move the item again (provided the user is not also the owner of the item).
|Note: The Owner of the library always has Change rights regardless of what access rights are selected for the owner.|
Users have rights to edit any item in the library, e.g., edit item description, attributes, and add parts. Items Write access alone does not allow a user to add items to a library.
Users can move items from the library. This access also allows the user to change the Status of items in the library, i.e., use the Delete, Thaw, Freeze and Release operations. The Owner of the library always has implicit Items Change rights.
The below table shows whether or not you can perform the operation if your sole access right to the library is that noted at the top of the column. "Source" vs "target", indicates where you have that right, i.e., in the source library where you are moving the item or library from, or the target library where you are moving the item or library to.
Note: Any rights assigned to an individual user will override those gained from being a member of a Group.
|Read||Write||Change||Items Write||Items Change|
|Item rights||Read an item||Yes||Yes||Yes||Yes||Yes|
|Add a new item||No||Yes||No||No||No|
|Edit an item||No||No||No||Yes||No|
|Change item status||No||Yes||No||No||Yes|
|Change Version info or Version text (Change log)||No||No||No||No||Yes|
|Move an item - source library||No||No||No||No||Yes|
|Move an item - target library||No||Yes||No||No||No|
|Library rights||Change the name and description of the library||No||Yes||No||No||No|
|Move a sub-library - source library||No||No||Yes||No||No|
|Move a sub-library - target library||No||Yes||No||No||No|
|Create a sub-library||No||Yes||No||No||No|
|Remove a sub-library||No||No||Yes||No||No|
|Change user/group access rights to library||No||No||Yes||No||No|
Inherit Access Rights From Parent Library
As described in Managing Libraries, libraries can be created within libraries. By checking the Access Is Inherited checkbox when viewing a sub-library, any rights settings in the parent library of the selected library are inherited to the selected library. If this option is used, all user and group access rights to the parent library will be inherited/applied to the selected sub-library as-is. That is, you cannot make any modifications to the inherited access rights. Aside from any inherited access rights, additional user and/or group access rights to the sub-library can be set up and they will be maintained. In other words, a library can have a combination of inherited and non-inherited access rights. The Access Is Inherited option is default for new libraries and must be actively deselected if it is not desired. In the screenshot at the beginning of this article, the Functional Design library inherits the access rights set for its parent - SystemWeaver Library.
Note: Remember, you cannot change any inherited access rights. If you want to modify such rights, you must remove the inheritance by deselecting the Access Is Inherited option described above. Once you deselect the option, all entries previously inherited will remain in the current library and can be modified or removed.
Applying Inherited Access to Sub-libraries
The security setting of a library includes the option to apply inheritance to sub-libraries. When Apply Inherited Access to all sub-libraries option is checked, the security settings will also be applied to the entire substructure. The operation only needs to be performed once since the inheritance option is stored for each library. The operation requires Change rights to the library where the operation is performed. The owner has the right to apply inherited rights to all sub-libraries. In the below example, this option was selected for the Test 0 library. All access rights to Test 0 are now also applied to Test 1 and Test 2 sub-libraries. This is indicated by the Access Is Inherited box at each sub-level.
Adding Access Rights for a User
- Select the library you want to give access rights to and click Add user.... The Select User(s) dialog displays.
Select the user or (or multi-select users) and click OK. Alternatively, you can double-click a user entry to add it. The user will display in the access control list.
Checkmark the access rights to assign to the user. In the below example, the individual user John Doe is being given Write rights and the Testers group will have Write and Change rights.
Click Apply changes.
If you do not click Apply changes, your changes will not save!
Adding Access Rights for a Group
The most practical way to assign access rights, especially for large systems, is to use groups.
- Select the library you want to give access rights to and click Add group.... The Select groups dialog displays.
- Select the group you want to add in the left-side pane. The members in the group will display to the right.
- Click OK to add the group. It will display in the access control list.
- Checkmark the access rights to assign to the user.
- Click Apply changes.
Changing Access Rights
- Select the library for which you want to change access rights.
- In the access control list, make the desired changes to the access by checking and/or unchecking the rights boxes in the user's or group's entry.
Click Apply changes.
Removing Access Rights
- Select the library for which you want to remove access rights.
- Select the user or group whose rights you want to remove and click Remove.
Click Apply changes.
|Note: Multi-select of users or groups is not possible when removing access rights.|
Click the Revert changes button to rollback any changes you have made, including any entries you have removed. When the settings meet your needs, click Apply changes to save and apply them.
|Note: The systemwide Viewer role overrides any write or change access to a Library. Example: If a user has write/change access to a library but has the Viewer role assigned, they will only have "Read only" access to all data.|
Read more about other aspects of Libraries.
|Tip: The Path Query Language can be used to view data related to library and access rights in, e.g., a configurable grid or graph.|