Asset Security

Asset security is a feature that allows even more granular control of access to information than our generic permission settings do. It allows you to set which assets in your database each user has access to.

Asset security works on the principle that all users have access to everything by default, and then database admins remove access as necessary. Restricting access is as simple as creating an asset view that contains the parts of the hierarchy to be restricted, and then setting appropriate access rules on that asset view. Parts of the hierarchy can appear in multiple views with multiple security rules and the rules will be applied across all of their views.

Example

Suppose you have the following asset hierarchy:

[Image: example asset hierarchy]

You want to restrict access to the “Offshore” part of the hierarchy by making it visible to Offshore Engineers but blocking access for Onshore Engineers. To do that, make settings as follows:

  1. Log in as an administrator.

  2. Ensure that you have created user groups for “Offshore Engineers” and “Onshore Engineers”.

  3. On the ASSETS screen, create a new Asset View (see Asset Views) and give it a helpful name, such as “Offshore assets - Offshore Engineers only”.

  4. Display the new Asset View by clicking Asset Views ‣ Offshore assets - Offshore Engineers only.

  5. Insert the Offshore part of the hierarchy as a link:

    1. Choose Assets ‣ Add ‣ Linked Asset (With Children) from the toolbar.

    2. Select the relevant offshore asset and click OK.

  6. Set the permissions on this asset view as follows:

    1. Choose Asset Views ‣ Edit.

    2. On the Permissions tab, click Add.

    3. Set appropriate permissions for each user group:

      • For Offshore Engineers, set the permissions to “Read/Write” to give them full access.

      • For Onshore Engineers, set the permissions to “Deny All” to block these users.

    Result

    The Offshore Engineers will have full access to that part of the tree, and Onshore Engineers will have no access. This access will be applied across asset views, so that Onshore Engineers will not be able to circumvent their restrictions by switching to a different asset view. If people who are blocked from assets try to view them, they will see the following:

    [Image: message shown to users who are blocked from an asset]

Note

  • When asset-level security rules are set up, a user will have the lowest level of access that has been set up for them.

  • If you remove a user group’s access from the “Default View”, it will give them no access to any assets (as they now have deny access on all assets).

  • If a user belongs to multiple user groups, and one of the groups has access in one view but another group does not have access, then the user will not have access to the assets. The rule is that the most restrictive permission is applied.

  • Giving a user Read-Only access is the same as Deny Write (in this context).
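The resolution rules in the notes above, modelled as an added example (this is not NEXUS IC code, and the asset names under “Offshore” and “Onshore” are constructed). It assumes that the “Default View” contains the whole hierarchy and that a group with no rule on a view is unaffected by that view.

```python
from enum import IntEnum

class Access(IntEnum):
    # Ordered so that min() always picks the most restrictive level.
    DENY_ALL = 0
    READ_ONLY = 1    # same effect as "Deny Write" in this context
    READ_WRITE = 2

# Constructed sample hierarchy, stored as child -> parent.
PARENT = {
    "Offshore": "Company", "Onshore": "Company",
    "Platform A": "Offshore", "Pump P-101": "Platform A",
    "Terminal T": "Onshore",
}

# Each view links one or more assets (with children) and carries per-group rules.
VIEWS = {
    "Default View": {"roots": {"Company"}, "rules": {}},
    "Offshore assets - Offshore Engineers only": {
        "roots": {"Offshore"},
        "rules": {"Offshore Engineers": Access.READ_WRITE,
                  "Onshore Engineers": Access.DENY_ALL},
    },
}

def self_and_ancestors(asset):
    """Yield the asset and every parent up to the top of the hierarchy."""
    while asset is not None:
        yield asset
        asset = PARENT.get(asset)

def effective_access(groups, asset, views=VIEWS):
    """Most restrictive rule over every view holding the asset and every group."""
    chain = set(self_and_ancestors(asset))
    level = Access.READ_WRITE           # default: everyone can access everything
    for view in views.values():
        if not chain & view["roots"]:   # asset is not part of this view
            continue
        for group in groups:
            if group in view["rules"]:
                level = min(level, view["rules"][group])
    return level

def can_read(groups, asset, views=VIEWS):
    return effective_access(groups, asset, views) >= Access.READ_ONLY

def can_write(groups, asset, views=VIEWS):
    return effective_access(groups, asset, views) == Access.READ_WRITE
```

Because the result is computed per asset rather than per view, switching to a different view does not change what a user can see.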

Asset security also applies to Library items. If a library item is connected to an asset that the user has no permission to read and/or write, then the user will similarly have no permission to view and/or edit that library item.

Note that asset security is likely to have an impact on performance, because NEXUS IC must look up every asset to check its security before it can be displayed to the user.