What is P&O?
- P&O means People and Organizations and defines the main security mechanism in the 3DExperience Platform
- It consists of:
- Persons
- Roles
- Organizations
- Collaborative Spaces
- Security Contexts
What is a Collaborative Space?
- A Collaborative Space is a logical container for partitioning data inside the 3DExperience Platform
- Collaborative Spaces are used primarily for access management
What is a Security Context?
- A Security Context defines a user’s working environment and is defined by the combination of:
- Role
- Organization
- Collaborative Space
- A person can be assigned multiple security contexts but only one is active at a time
- ctx::Project Lead.Company Name.GLOBAL
What does the P&O data model look like?
- The P&O security model consists of administrative objects and corresponding business objects
- Administrative Objects
-
- Business Objects
What is an ownership vector?
- Objects stored in the database are stamped with three properties that define its ownership. These properties are:
- Person (stored as the owner on the business object)
- Organization (stored as the organization on the business object)
- Collaborative Space (stored as the project on the business object)
- An object has a primary ownership vector (which comes from the user’s active security context) and zero or more secondary ownership vectors. The secondary ownership vector is used to share data with other users or across security contexts.
- Data access is determined by an object’s ownership vector(s)
What is One Click and CSE?
- One Click and CSE are two different deployment options for the 3DExperience Platform
- One Click is One-Click Deployment Experience, known as 3DSpace baseline behavior in 2017x
- CSE is Customer Specific Environment
- They each define a different set of roles and access rules
Are there different installers for One Click and CSE?
- No, there is only one installer
- There is no installation option
- Both One Click and CSE roles and access rules are installed OOTB
- One Click/CSE mode just defines which roles and access rules are used
- One Click is the default mode
How do One Click and CSE modes coexist in the same environment?
- Both One Click and CSE roles are installed and OOTB policy definitions include access rules for both sets of roles
- Exceptions:
- Not all ENOVIA applications are One Click compatible
- Native (VPM) apps do not support CSE roles OOTB
- Exceptions:
Can you be more specific about One Click?
- One Click (short for One-Click Deployment Experience) is an OOTB deployment access model with pre-defined roles, access controls, lifecycle maturity states, and process rules
- It includes tools for easily configuring some behaviors
- One Click roles are used across applications and are not domain specific. Because they are cross-application they are also called horizontal roles.
- It was known as R.A.C.E (Rapid Application Configured Environment) or TEAM prior to 2014x
- It is called 3DSpace baseline behavior in 2017x
What are the intended benefits of One Click?
- Speed up the implementation process and get to production faster
- Minimize the need for customizations
- Simplify the upgrade process
- Provide consistent behavior across applications
Are all ENOVIA applications One Click compatible?
- Most, but not all, ENOVIA applications are One Click compatible
- Applications that are One Click compatible support the One Click roles and access model and will include an “Access” section in its documentation that describe the supported One Click roles
- Native (VPM) apps (CATIA V6, DELMIA V6, etc.) are exclusively One Click OOTB
- To use native apps in CSE mode appropriate roles and policies have to be created
What are the One Click roles?
- There are 7 One Click roles:
- Reader (internal name is VPLMViewer)
- Contributor (internal name is VPLMExperimenter)
- Author (internal name is VPLMCreator)
- Leader (internal name is VPLMProjectLeader)
- Owner (internal name is VPLMProjectAdministrator)
- Administrator (internal name is VPLMAdmin)
- Public Reader (internal name is VPLMSecuredCrossAccess)
- Specific access and functionality provided by these roles is dependent on each application as described in the application documentation
So what exactly is CSE?
- CSE means Customer Specific Environment
- This is the legacy OOTB roles and access rules that are application or domain specific
- CSE roles are unique to each application. Because they are application-specific they are also called vertical roles.
- For example
- Project User in the Project Management application (Program Central)
- Design Engineer in the Engineering BOM application (Engineering Central)
- For example
How do I change between One Click and CSE?
- Navigate to Experience Configuration->Manage P&O and Content
- Select the Manage My Options icon
- Choose One-Click Deployment Experience (Baseline Environment in 2017x) or Customer-Specific Environment
- Save the change
Note: This only changes the behavior of the Manage P&O and Content user interface, what roles and security contexts can be created and assigned, and what behaviors can be configured
How do I use One Click mode?
- Navigate to Experience Configuration->Manage P&O and Content
- Select the Manage My Options icon
- Choose One-Click Deployment Experience (Baseline Environment in 2017x)
- Save the change
- Create Collaborative Space(s), define security contexts, and assign access to users
How do I use CSE mode?
- Navigate to Experience Configuration->Manage P&O and Content
- Select the Manage My Options icon
- Choose Customer-Specific Environment
- Save the change
- Create Collaborative Space(s), define security contexts, and assign access to users
Can I switch back and forth between One Click and CSE modes?
- Do not switch back and forth among the two modes
- After analyzing your requirements decide which mode best fits your needs and stick with that decision
- If you switch back and forth data will be stamped with both One Click and CSE ownership vectors and this is an unsupported condition
Can users be assigned both One Click and CSE roles?
- No, never assign both One Click and CSE roles to users
- Accesses granted by CSE roles and One Click roles may interfere with each other and result in unintended access issues
Are Collaborative Spaces different for One Click and CSE?
- Collaborative Spaces are marked as either One Click or CSE
- One Click Collaborative Spaces can be Private, Protected, Public or Standard
- One Click Collaborative Spaces have property SOLUTION set to Team and property FAMILY set to DesignTeam, StandardTeam or Admin
- CSE Collaborative Spaces can be hierarchical
- CSE Collaborative Spaces have property SOLUTION set to VPM
How can I tell if my environment is One Click or CSE?
- Check the selected setting under Experience Configuration->Manage P&O and Content->Manage My Options
- However, it is not enough to just check this setting because it only affects the Manage P&O Content user interface screens
- Check which roles have been assigned to users
- A One Click environment should only have VPLM roles assigned to users
- A CSE environment should only have application-specific roles assigned to users
- If users are assigned both VPLM and application-specific roles then the environment is a mixture of both One Click and CSE and is in an unsupported state
How do I decide between One Click and CSE for my deployment?
- This is not always a simple decision
- Some of the deciding factors include:
- The required roles and access rules
- The applications to be used
- If this is a new installation or an upgrade of an existing environment
- Required configurations and customizations to meet specific business process requirements
What are some reasons to use One Click?
- You are using native (VPM) apps (CATIA V6, DELMIA V6, etc.)
- The OOTB One Click access rules sufficiently meet your needs
- The OOTB business processes and behaviors meet your requirements
- OOTB supported configurations meet your requirements
- Application-specific roles are not required
- You are upgrading from a One Click/RACE/Team environment
- Configurations/customizations are restricted to UI elements, triggers, attributes, and type specialization and don’t affect OOTB policy definitions
What are some reasons to use CSE?
- You are using an application that is not One Click compatible
- The OOTB One Click access model doesn’t meet your requirements
- The limited number of One Click roles are too broad and don’t provide enough granularity
- You have to customize OOTB policy definitions and behavior
- You are migrating from an environment with X-CAD connectors that do not use or support the Team policies
- You are migrating from an environment with customized policy definitions
- You require parent/child collaborative spaces
Conclusion
3DEXPERIENCE Platform People & Organizations is the latest security model to provide secured access control to the data. Checkout our 3DEXPERIENCE courses.
Checkout our Other FREE Resources
3DEXPERIENCE Enterprise Knowledge Language
3DEXPERIENCE Platform Openness
CATIA Interview Questions with Answers
CATIA CAA RADE Interview Questions with Answers
————————————————–
🌍 For PLM / CAD Training Visit ► https://plmcoach.com
Follow PLM Coach on Social Media:
Facebook | Twitter | Pinterest
📧 Contact PLM Coach:
Follow the link to Training Inquiry Form to provide your details
Follow the link to Text PLM Coach on WhatsApp
☏ Mobile Number ► +91-7989703878
💌 Email ► [email protected]
————————————————–