Managing Access Rights for Released PCB Data in an Altium Vault Server
In previous releases of Altium Designer, direct access to data for a released PCB design project could be effectively controlled by a vault administrator through careful configuration of folder-level access permissions. However, this direct folder-level access to the data did not control which elements of the release data were accessible. So both the design snapshot AND the generated data were available. When interfacing to the manufacturer, only the fabrication and assembly "instructions" need to be shared, keeping the valuable design IP 'under wraps' as it were. And while a solution was available – to Publish only the data required by the Fabrication and Assembly Houses to fabricate and assemble the board respectively – this required the involvement of dedicated Publishing Destinations.
With Altium Designer 14.0, direct access to data within a vault has been enhanced, with the ability to now manage access to an Item Revision's data for a released PCB design – allowing users to see only the portion of data they are allowed to see, while by-passing the need for additional publishing. This is made possible by the introduction of sharing at the individual Item Revision level, and the propagation of sharing permissions through to a revision's data folders (Released Documents and Design Snapshot). In this way, a standard set of sharing permissions can be defined at the Item level and passed through to its revisions, while having independent control over how the data for those revisions is shared.
Item Revision-Level Sharing
As with folders and Items, an Item Revision in a vault can be shared on a number of different levels, in effect defining both the level of visibility of that Item Revision, and the level of security for access to it. This can range from being strictly private access by specified individuals or roles, through to levels for allowing anyone in the same organization to view or change that Item Revision respectively.
Controls for working with access and permissions at the Item Revision-level are much the same as for defining access and permissions at the folder- or Item-level. Sharing permissions for an Item Revision can be set up at the time of creating the parent Item, or at any stage after its creation. Whether adding or creating, sharing controls are accessed from the Item's associated properties dialog. Simply click the Revision Sharing link (or icon) at the bottom-left of the middle region of the dialog (beneath the Lifecycle Definition field). This will give access to the Permissions For Item Revision dialog – command-central for specifying just how the Item Revision can be shared.
To enable management of access rights to that Item Revision's data, ensure the Control access for revision documents option is enabled.
Managing Access Rights for Revision Data
With the option to control access for a revision's documents enabled as part of that revision's sharing permissions, those defined permissions will be propagated to the data folders for that revision. Permissions can then be varied independently for the Released Documents and the Design Snapshot – the two data folders for the Item Revision. Permissions for these data folders can be accessed either from the Preview view for the Item Revision within the Vaults panel, or from the detailed view for the Item within Altium Designer (right-click on the Item's entry in the Vaults panel and choose Full Item History).
Right-click within the region for the Released Documents or Design Snapshot, and choose Manage Permissions from the context menu. The Permissions For Data Folder - Released, or Permissions For Data Folder - Design dialog will appear respectively. Set the permissions as required for each set of data, in accordance with whom you would like to see the data.
The following image shows what user Wally Righter sees when he accesses the Altium Vault Server. Since he is included in the access permissions for the Released data folder, he can access the Released Documents for the Item Revision. However, the Design data folder has not been shared with this user – he is not shared as an individual, nor is he a member of the Design Team
role. He therefore sees no content in the Design Snapshot region for that Item Revision.