08 July 2013

Security – Who can see your PLM data?


Fundamental to any PLM system is the idea of access control and data security. Only authorized personnel can access a PLM system and view or manipulate its contents. This is controlled via a login procedure that includes a user password. Personnel are added to the list of authorized users by the PLM administrator after someone has approved their specific access rights.

Once access has been granted to users, it must then be determined what operations they can carry out on the PLM system. The simplest (and default) security model, which allows all users to carry out any operation, is very undesirable and could lead to actions that destroy or leak vital data.

This scenario requires the development of a security model that determines which user can carry out which operations. Security models are normally based on two concepts:

1. Roles

2. Organizations

A role in the database would define what the user who is assigned that role is allowed to do. Typical roles are as follows:

1. Viewer – this role would be allowed to view data but not make any alterations or modifications

2. Team Member – this role would be allowed to alter and update a limited subset of the data along with being able to carry out certain operations (e.g. initiate a workflow)

3. Team Leader – this role would be able to do everything that a Team Member could do along with the ability to operate on a larger subset of data and carry out more operations (e.g. progress a workflow, change ownership)

4. Approver – this role would be able to approve certain operations on the data (e.g. approve a release of information)

5. Database Admin – normally limited to a handful of technically qualified people.

Once roles in a database have been defined, the organizations are put in place. These normally mirror the actual organizational structure, although this is not a necessity. Organizations in a PLM system usually work on specific projects or programs. Once the organization is defined, users are allocated to various organizations and are assigned specific roles.

The final result can be represented in a table as follows:

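| User | Role | Within Organization: View | Within Organization: Modify | Within Organization: Approve | Outside Organization: View | Outside Organization: Modify | Outside Organization: Approve |
|---|---|---|---|---|---|---|---|
| John Doe | Team Leader | Y | Y | Y | N | N | N |
| Paul Revere | Team Member | Y | Y | N | N | N | N |
| David Earp | Approver | Y | N | Y | Y | N | N |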
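
The table above expressed as a deny-by-default access check, as an added example that is not part of the original post or of any PLM product. The role grants are copied from the table's Y cells; the organization names ("Program A", "Program B") and item identifiers are constructed for illustration.

```python
from dataclasses import dataclass

# Role grants per scope, taken from the Y cells of the table on this page.
# Anything not listed here is denied.
ROLE_GRANTS = {
    "Team Leader": {"within": {"view", "modify", "approve"}, "outside": set()},
    "Team Member": {"within": {"view", "modify"}, "outside": set()},
    "Approver": {"within": {"view", "approve"}, "outside": {"view"}},
}

@dataclass(frozen=True)
class Assignment:
    user: str
    organization: str
    role: str

# Constructed sample data: organizations and item ids are hypothetical.
ASSIGNMENTS = [
    Assignment("John Doe", "Program A", "Team Leader"),
    Assignment("Paul Revere", "Program A", "Team Member"),
    Assignment("David Earp", "Program B", "Approver"),
]
ITEM_OWNER = {"part-100": "Program A", "part-200": "Program B"}

def is_allowed(user, operation, item):
    """Return True only if one of the user's role assignments grants the operation."""
    owner = ITEM_OWNER.get(item)
    if owner is None:
        return False  # unknown item: deny
    for a in ASSIGNMENTS:
        if a.user != user:
            continue
        # Scope depends on whether the item belongs to the user's organization.
        scope = "within" if a.organization == owner else "outside"
        grants = ROLE_GRANTS.get(a.role, {})  # unknown role grants nothing
        if operation in grants.get(scope, set()):
            return True
    return False  # no assignment matched: deny

def access_matrix(user, item):
    """Summarize view/modify/approve decisions for one user on one item."""
    return {op: is_allowed(user, op, item) for op in ("view", "modify", "approve")}

if __name__ == "__main__":
    for name in ("John Doe", "Paul Revere", "David Earp", "Unlisted User"):
        for item in sorted(ITEM_OWNER):
            print(name, item, access_matrix(name, item))
```

A user who is not in the assignment list, or whose role has no entry in the grants, gets no access at all, which is the opposite of the allow-everything default described earlier.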

So how is security set up in your PLM system? Are all the security capabilities being used to ensure that no intellectual property is destroyed or leaked?

