General rights

Overview

General rights are implemented as user groups that control access to specific functional areas of the application. These rights determine whether users can perform key actions such as formulating data, importing files, or configuring home pages.

Assignment and Configuration

These rights are not universally granted to all users. Instead, they are assigned selectively to certain individuals or to members of specific user groups. This allows for a tailored permission model that aligns with each user's role and responsibilities within the organization.

Configuration of these rights is managed through Profiles, where administrators can parameterize which, general rights are associated with which roles. This profile-based assignment model enhances flexibility and simplifies management by allowing bulk configuration based on user roles.

Simplifying Administration

To streamline the administrator’s daily tasks, general rights, previously referred to as responsibilities have been consolidated into a category called General within the group settings. This integration helps centralize and organize access control, making it easier to locate and manage the relevant rights.

Most of these general rights are pre-assigned to the Administrator group, ensuring that users in this role have full access to manage the application and oversee its configuration and operation.

Rights Enforcement

It is important to note that even if a user interface element (such as a button or menu option) appears visible to a user, the system will still perform a rights check before allowing the action to proceed. This safeguard ensures that only authorized users can execute restricted operations, even if the functionality is visually accessible.

By grouping and parameterizing general rights, PLM provides a structured and secure way to manage application functionality while maintaining administrative efficiency and enforcing appropriate access control throughout the system.

Modify general rights in a profile

Go to the Profiles Section

1. Click on the Burger menu in the top-left corner.

2. Go to Administration.

3. Select Resources.

4. Click on Profiles.

5. You will now see the Profiles page with a list of existing profiles.

6. Select a Profile. Click on the name of the profile you wish to view or manage. This will open the profile details page.

7. Profile page list. On the profile page, click Manage General Rights.

8. Configure general rights. A tabbed interface will open, displaying general rights grouped by categories. Each tab contains a list of specific rights that can be modified.

9. To configure access rights for a particular object type, you can toggle the rights by clicking on the corresponding icon:

Current Status	Action	Result
Right Disabled (Red icon)	Click the red icon	Changes to Enabled (Green icon)
Right Enabled (Green icon)	Click the green icon	Changes to Disabled (Red icon)

This allows you to quickly grant or revoke access rights for each general right linked to the profile.

Example of a General Right: ImpMgr

The ImpMgr right is a general access right used to control access to the data import feature within the PLM application.

Purpose

• This right ensures that only authorized users can perform data imports, which is a sensitive and potentially high-impact operation.

Behaviour

• Users who have the ImpMgr right will be able to see and use the import button in the interface.

• Users without this right will not see the import button at all, effectively preventing them from accessing the feature.

This is a practical example of how general rights can be used to control access to specific application functions, enhancing both usability and security.

Default General Rights in PLM

The following is a list of general rights that are available by default in PLM. These rights can be extended or customized based on customer-specific requirements.

Each right (also referred to as “responsibility") grants users’ access to administrative or functional capabilities within the application.

Responsibility	Access Description
Admin	Allows creation of dictionaries and configuration of technical elements; enables setup of system settings and user profiles.
AllDelegationMgr	Grants the ability to create delegations for any user in the system.
AllProjectMgr	Allows users to browse across PLM without being tied to a specific project; users can view all projects and associated objects.
ChgMgr	Full management of change orders, including creation, modification, and deletion.
ChgMgrResp	Administration of change folders within change order management.
CmpMgr	Permission to make comparison statuses public.
ConfidMgr	Enables the modification of confidentiality settings.
DelegationMgr	Allows users to create a delegation for their own account.
ExpMgr	Grants the ability to perform data exports.
ExportURLMgr	Right to create URL links to access vault objects.
FltMgr	Allows the creation of public filters.
FlatMgr	Enables creation of public templates for flattened configurations.
HistoMgr	Grants the skill to make a file invisible by changing its status to Historized (used to avoid displaying the latest validated version).
ImpMgr	Enables data import functionality.
LinkMgr	Grants rights to administer link hierarchy rules.
MClassMgr	Provides access to multi-type search capabilities.
MilMgr	Rights to create, modify, and delete processes (workflows or milestones).
NoProjectMgr	Allows a user to log in using “no project” mode, even without being assigned to any authorized project.
ObjectsSubscriptionsMgr	Enables users to subscribe to a group to a filter.
ProjectMgr	Allows a user to modify project data even if they are not a member of the project group.
SettingsMgr	Right to manage user-specific settings.
SmartViewMgr	Grants permission to make Smart Views public for shared usage.
StateMgr	Allows manual status modification of items. (Note: statuses like “In modification” or “In work” cannot be manually modified.)
TaskMgr	Enables users to manage tasks.
UsedByProjectMgr	Allows modification of nodes without filtering based on the current project.
ValidMgr	Permission to change an item’s status to "Valid".
VaultMgr	Grants access to vault classification features.
WelcomeMgr	Right to configure welcome pages shown upon login.

 

General Description of Rights by Category

The following tables list and describe the default general rights (also referred to as responsibilities) in PLM. These rights are categorized based on their functional area. Each right grants access to specific features or behaviours within the application.

1. Organization per Project

Right	Description
AllProjectMgr	Allow navigation throughout the application without being tied to the current project. The user can view all projects and associated objects.
NoProjectMgr	Allow users without access to any project to log in using the "No Project" mode.
ProjectMgr	Grants permission to modify a project even if the user is not part of a project-specific group.
UsedByProjectMgr	When inserting or replacing a node in a project template configuration, this right disables the "Initialize the filter with the current project" constraint.

2. Data Export

Right	Description
ExpMgr	Grants the ability to export data from a personal location.
ExportURLMgr	Allows users to create URL links to repository objects (specific to Lascom AEC).
XLMgr	Enables visibility of the “Export to Excel” button.
XLWKDeleteMgr	Grants access to the "Include deleted lines" checkbox when importing Excel files (OfficeWorkshop module).
XLWKMgr	Enables the "Export to Excel with Template" button in OfficeWorkshop.

3. Publishing

Right	Description
CmpMgr	Allows publishing of comparative models.
FlatMgr	Grants the ability to publish pooled configuration templates.
FltMgr	Enables publishing of filters (typically assigned to FltMgr group).
MClassMgr	Grants the ability to publish multi-type searches.
SmartViewMgr	Allows making a hierarchical search public.
XSearchMgr	Enables users to make advanced (deep) searches public.

4. Advanced Profile Management

Right	Description
AllDelegationMgr	Grants permission to create delegations for any user.
ChgMgr	Allows management of change orders (create, delete, modify).
ChgMgrResp	Grants administrative rights over change folders.
DelegationMgr	Allows users to create delegations for their own accounts.
HistoMgr	Adds the ability to set a form to “Historic” state, hiding it from recent views. Without this right, historic forms may reappear as the last valid version.
ImpMgr	Enables data import functionality.
MilMgr	Allows access to broadcast processes and related file repositories.
SettingsMgr	Grants access to manage user options and preferences.
VaultMgr	Required to view and manage vault classifications.
TaskMgr	Enables full task management (tasks, groups, and models).
ValidMgr	Grants permission to validate documents, including high-priority validation at creation time. (Note: requires preconfigured validation workflows.)
WelcomeMgr	Allows creation or modification of welcome (home) pages for all users.

5. Special Profiles

Right	Description
Admin	Enables dictionary creation, system parameter configuration, and user profile definition. Also includes the ability to regenerate history.
ConfidMgr	Grants the ability to modify the internal CONFID property (confidentiality field), provided the dictionary mask hasn’t been intentionally overridden.
LinkMgr	Right to manage objects in the link hierarchy module; integrates with the System Administrator plug-in.
MilMgr	Enables users to view the broadcast structure tree.
ObjectsSubscriptionsMgr	Allow users to subscribe to a group to a filter.
StateMgr	Grants manual modification rights over the STATE property (status). Note: “In Modification” and “In Work” statuses cannot be changed manually unless dictionary settings allow it.