Managing Access Rights for Released PCB Data in an Altium Vault Server

Frozen Content
Modified by Admin on Jun 19, 2014
Contents
This page contains information regarding a legacy Altium Vault Server. For information relating to the latest Altium Vault, see Controlling Access to Vault Content.

In previous releases of Altium Designer, direct access to data for a released PCB design project could be effectively controlled by a vault administrator through careful configuration of folder-level access permissions. However, this direct folder-level access to the data did not control which elements of the release data were accessible. So both the design snapshot AND the generated data were available. When interfacing to the manufacturer, only the fabrication and assembly "instructions" need to be shared, keeping the valuable design IP 'under wraps' as it were. And while a solution was available – to Publish only the data required by the Fabrication and Assembly Houses to fabricate and assemble the board respectively – this required the involvement of dedicated Publishing Destinations.

With Altium Designer 14.0, direct access to data within a vault has been enhanced, with the ability to now manage access to an Item Revision's data for a released PCB design – allowing users to see only the portion of data they are allowed to see, while by-passing the need for additional publishing. This is made possible by the introduction of sharing at the individual Item Revision level, and the propagation of sharing permissions through to a revision's data folders (Released Documents and Design Snapshot). In this way, a standard set of sharing permissions can be defined at the Item level and passed through to its revisions, while having independent control over how the data for those revisions is shared.

Item Revision-level sharing, and management of access to revision data are features that are only available when using an Altium Vault Server, as part of its wider user access control and sharing capabilities. An Altium Personal Vault does not offer user and access control management, so there is no notion of sharing or folder/Item/Item Revision-level access permissions. However, publishing of data is supported.

Management of users, as well as defined roles (groupings of users), is performed using the Altium Vault Server's browser-based interface. This can be done either from an external browser or via the relevant views under Altium Designer's Home page. For detailed information, see Browser-based Management of an Altium Vault Server. For a detailed look at the folder-level and Item-level sharing capabilities of the Altium Vault Server, see Controlling Access to Content in an Altium Vault Server.

Item Revision-Level Sharing

As with folders and Items, an Item Revision in a vault can be shared on a number of different levels, in effect defining both the level of visibility of that Item Revision, and the level of security for access to it. This can range from being strictly private access by specified individuals or roles, through to levels for allowing anyone in the same organization to view or change that Item Revision respectively.

Item Revision-level sharing is only configurable through the Vaults panel. It is not supported using the vault's browser-based interface.

Those with administrator-level privileges will be able to see and manage all Item Revisions. For a non-administrative user of the vault, only those Item Revisions that have been shared – i.e. the user has permissions to access – will be accessible when the user connects to that vault. In addition, non-administrative users of the vault can only share an Item Revision they have created.

Controls for working with access and permissions at the Item Revision-level are much the same as for defining access and permissions at the folder- or Item-level. Sharing permissions for an Item Revision can be set up at the time of creating the parent Item, or at any stage after its creation. Whether adding or creating, sharing controls are accessed from the Item's associated properties dialog. Simply click the Revision Sharing link (or  icon) at the bottom-left of the middle region of the dialog (beneath the Lifecycle Definition field). This will give access to the Permissions For Item Revision dialog – command-central for specifying just how the Item Revision can be shared.

If accessing the Item Properties dialog for the top-level parent Item, clicking the Revision Sharing control will access the permissions dialog for the latest revision of that Item. To configure sharing permissions for a previously released revision of the Item, make sure to access the Item Properties dialog for that specific revision.

Access the Permissions For Item Revision dialog, with which to control how the Item Revision is shared with others.

To enable management of access rights to that Item Revision's data, ensure the Control access for revision documents option is enabled.

The concept of controlling access to an Item Revision's documents is only available for blank board (altium-pcb-blank) and assembled board (altium-pcb-assembly) Item types.

If the same users/roles permitted to 'see' an Item are also required to 'see' its Item Revisions, use the Apply to revisions option in the Permissions For Item dialog when defining the permissions for that parent Item. In this way, permissions are inherited quickly at the Item Revision level. Adjustments can always be made for specific Item Revisions at those lower levels. At the end of the day, full control over who sees what, and where, is facilitated.

Managing Access Rights for Revision Data

With the option to control access for a revision's documents enabled as part of that revision's sharing permissions, those defined permissions will be propagated to the data folders for that revision. Permissions can then be varied independently for the Released Documents and the Design Snapshot – the two data folders for the Item Revision. Permissions for these data folders can be accessed either from the Preview view for the Item Revision within the Vaults panel, or from the detailed view for the Item within Altium Designer (right-click on the Item's entry in the Vaults panel and choose Full Item History).

Right-click within the region for the Released Documents or Design Snapshot, and choose Manage Permissions from the context menu. The Permissions For Data Folder - Released, or Permissions For Data Folder - Design dialog will appear respectively. Set the permissions as required for each set of data, in accordance with whom you would like to see the data.

Set access permissions independently for the generated release data and the design snapshot - sharing fabrication and assembly files, while protecting your valuable design IP!

The following image shows what user Wally Righter sees when he accesses the Altium Vault Server. Since he is included in the access permissions for the Released data folder, he can access the Released Documents for the Item Revision. However, the Design data folder has not been shared with this user – he is not shared as an individual, nor is he a member of the Design Team role. He therefore sees no content in the Design Snapshot region for that Item Revision.

The parent vault folder no longer needs to be shared with a user for them to see an Item specifically shared with them. Similarly, the parent Item does not have to be shared for the user to see a specifically shared revision of that Item. These specifically shared Items and Item Revisions will be available for their access (viewing) in a dedicated vault folder – Shared with me.

An example of restricting data access for an Item Revision. User Wally Righter can see the generated release data, but is prohibited from seeing the design snapshot.

You are reporting an issue with the following selected text and/or image within the active document: