Parent page: Server Items
A managed content server provides secure handling of data with high integrity, while providing both Design Team and Supply Chain access to that data as needed. This latter aspect, of whom can access a Server, and more importantly what data they are allowed to access, is facilitated by the Server's user access control and sharing capabilities. These can be broken down into the following key areas:
User Management
Which people are able to connect to the Server (through Altium Designer or an external browser). Management of users, as well as defined Roles (groupings of users), is performed using the Server's browser-based interface. This can be done from an external browser. For detailed information, see Browser-based Access & Management.
Which people are able to connect to the Server (through Altium Designer or an external browser). Management of users, as well as defined Roles (groupings of users), is performed using the Server's browser-based interface. This can be done from an external browser. For detailed information, see Browser-based Access & Management.
Folder-level Sharing
Providing the ability to control who is able to see what content in the Server by sharing Server folders. This allows control over whether other users can simply view a folder and its content, or also edit it (effectively releasing/committing/uploading design data into it). A single managed content server can be partitioned into various effective 'zones' of content, but with controlled folder-level permissions, the content can be made selectively visible, or hidden, as required, giving the right people, the right access, to the right data.
Item-level Sharing
Providing the ability to control who is able to see which Items in a shared folder. Think of this as a finer level of sharing, in contrast to the coarser level of sharing provided through folder access control. Provided a user has access to the folder itself, they will then be able to view/edit (as permitted) Items within that folder that are shared with them.
Item Revision-level Sharing
Providing the ability to control who is able to see which revisions of a shared Item. Think of this as the finest level of sharing. Provided a user has access to a parent Item itself, they will then be able to view/edit (as permitted) revisions of that Item that are shared with them.
This document takes a look at the sharing capabilities of a managed content server.
Altium Designer can work with a single type of managed content server - an
Altium NEXUS Server. A distinct design solution in its own right, the Altium NEXUS Server is a dedicated, on-premise local server for all your managed content.
Altium NEXUS can work with the following types of managed content server:
- Altium NEXUS Server - an on-premise local server for all your managed content.
- Altium Vault - an on-premise local server for all your managed content (now considered legacy).
While you can continue to use your existing Altium Vault with Altium NEXUS, in what is sometimes referred to as 'compatibility mode', bear in mind that the Altium Vault, as a product, is no longer developed. Altium Vault 3.0 was the last release, beyond which only maintenance updates would be made. To ensure you have access to the latest features and functionality, you are encouraged to switch to using an Altium NEXUS Server.
Folder-Level Sharing
A managed content server supports the ability to 'share' Server folders - facilitating connection to, and access of, Server content of a particular nature. By sharing folders, design content in a Server can be easily partitioned and shared with others.
A folder in a Server can be shared on a number of different levels, in effect defining both the level of visibility of that folder, and the level of security for access to it. This can range from being strictly private access by specified individuals or roles, through to levels for allowing anyone in the same organization to view or change content respectively.
Those with administrator-level privileges (members of the Administrators role) will be able to see and manage all folders. For a non-administrative user of the Server, only those folders that have been shared - i.e. the user has permissions to access - will be accessible when the user signs in to that Server. In addition, non-administrative users of the Server can only share a folder they have created.
Accessing Folder Sharing Controls
Folder-level sharing permissions can be configured from two locations:
- The Explorer panel, when signed in to the managed content server through Altium Designer.
- The Explorer page when signed in to the managed content server through an external Web Browser (part of the Server's browser-based interface).
Folder Sharing using the Explorer Panel
From the Explorer panel, sharing permissions for a folder can be set up at the time of adding the folder, or at any stage after its creation. Sharing controls are accessed from the folder's associated properties dialog, by clicking the Folder Permissions link at the bottom-left of the dialog. This will give access to the Permissions For Folder dialog - command-central for specifying just how the folder is shared.
Access the Permissions For Folder dialog, with which to control how the folder is shared with others.
Folder Sharing using the Browser-based Interface
From the Explorer page of the Server's browser-based interface, sharing permissions for a folder can be set after the folder has been created. Sharing controls are accessed by right-clicking over the folder's entry, and us ing the Share Folder command from the context menu. The Manage Permissions window will appear, from where the access permissions for the folder can be modified as required.
Configure folder-level sharing from the Server's browser-based interface.
Configure folder-level sharing from the Server's browser-based interface.
Configure folder-level sharing from the Server's browser-based interface.
A great benefit of configuring permissions through the Server's browser-based interface is that an account admin isn't tied to a PC on which Altium Designer is installed, and a connection to the Server is made. They can effect a change in the Server's folder sharing permissions from anywhere they can get an internet connection.
Sharing with Specific Users and Roles
Use the Permissions For Folder dialog/Manage Permissions window to determine exactly who is allowed to access and 'see' that folder. Use the Add User and/or Add Role controls to access dialogs/controls with which to add users and/or roles respectively - ultimately creating a specific access list for sharing folder content.
The owner of the folder (the user who created the folder) will always have full access to all content that the folder holds. As such, an entry for the Owner
is added by default to the list of specific users and roles, and cannot be removed.
Example of adding a user and a role. Roll over the image to compare configuration in the Explorer panel, with configuration through
the browser-based interface.
The following image shows the result of adding a single user (Neal Geneare
) and a single role (Procurement
) to the permissions list for a folder.
The result of adding a single user and role to the permissions list for both Explorer panel interface (background) and browser-based interface (foreground).
Things to be aware of:
- In terms of permissions, a user/role has Read/Write access when the Can Write option is enabled. If this option is disabled, they have Read access only.
- To remove an existing user/role from having access to the folder:
- Explorer panel interface - select the user/role in the Permissions for Folder dialog, then click the button.
- Browser interface - click the associated Remove control ().
- If you want all users of the managed content server to have access to the folder, add the Public entity, by using the Add Public control.
In the Permissions for Folder dialog, the Can Edit option defaults to enabled, giving users/roles Read/Write access when they are added. In the browser-based interface, you have the opportunity to set the permission level at the time of searching for a user/role, using the Permission field. Use the drop-down to choose betwen Read access, or Read/Write access.
When configuring sharing through the
Explorer panel, users and roles that are newly added will not be finalized (saved) until clicking
OK in both the
Permissions For Folder dialog
AND the
Add Folder/
Edit Folder dialog. When configuring sharing through the browser-based interface, these additions will not be finalized (saved) until the
button is clicked in the
Manage Permissions window.
Descendant Permissions
Permissions defined for a folder can be applied to sub-folders and the Items (and revisions) they contain, by enabling the Apply to Children option - in the Permissions for Folder dialog (Explorer panel interface), or Manage Permissions window (browser-based interface).
Enable the Apply to Children option to pass permissions defined for the folder to descendant child folders, and Items (and revisions) therein.
This allows a specified user (or role) to be able to see all content under the folder being shared. Conversely, by having this option disabled, a user will only be able to see the root folder - the content in any sub-folders will be unavailable, unless explicitly shared.
Specifying who can Change Permission Settings for a Folder
When configuring folder-level sharing through the Explorer panel, the owner of the folder, or an administrator for the Server, can specify the Sharing Control for that folder - who is allowed to change the permissions for that folder. This is performed from the Permissions For Folder dialog, using the Permissions can be modified by field.
Specify sharing control for a folder.
The following levels of control are supported:
- Owner - only the owner of the folder can change the permissions. Editors cannot change access permissions.
- Collaborators - editors have full control to manage access permissions for the folder.
Item-Level Sharing
Sharing a folder within a managed content server is one thing, but sharing the data within that folder is another altogether. For example, a folder may be in use by two teams, with content from one team not intended for general consumption, while the other team's data is public-facing. Certain data - more specifically the Items and revisions thereof - is therefore required to be hidden, while still allowing applicable users to see the remaining content. In support of this, a managed content server supports the ability to 'share' Items within Server folders, offering a finer level of sharing when it comes to the actual data in a Server..
Those with administrator-level privileges (members of the Administrators role) will be able to see and manage all Items. For a non-administrative user of the Server, only those Items that have been shared - i.e. the user has permissions to access - will be accessible when the user signs in to that Server. In addition, non-administrative users of the Server can only share an Item they have created.
As with folder-level sharing, Item-level sharing permissions can be configured from two locations:
- The Explorer panel, when signed in to the managed content server through Altium Designer.
- The Explorer page when signed in to the managed content server through an external Web Browser (part of the Server's browser-based interface).
Item Sharing using the Explorer Panel
From the Explorer panel, sharing controls are accessed from the Item's associated properties dialog. Click the link, located below the Item ID field. This will give access to the Permissions For Item dialog - command-central for specifying just how the Item can be shared.
Access the Permissions For Item dialog, with which to control how the Item is shared with others.
Item Sharing using the Browser-based Interface
From a browser-based interface, sharing controls are accessed by right-clicking over the Item's entry, and using the Share Item command from the context menu. The Manage Permissions window will appear, from where the access permissions for the Item can be modified as required.
Configure Item-level sharing from the Server's browser-based interface.
Controls for working with permissions at the Item-level are much the same as for defining permissions at the folder level. Sharing permissions for an Item can be set up at the time of creating the Item, or at any stage after its creation.
If an Item in a Server folder is shared with a given user, but the folder itself is not, then the user will not be able to 'see' that Item when browsing the Server's content.
If the same users/roles permitted to 'see' a folder are also required to 'see' the Items therein (and in each sub-folder as applicable), use the
Apply to Children option - in the
Permissions for Folder dialog (
Explorer panel interface), or
Manage Permissions window (browser-based interface) - when defining the permissions for that parent folder. In this way, permissions are inherited quickly at the Item (and Item Revision) level. Adjustments can always be made for specific Items (or revisions) at those lower levels. At the end of the day, full control over who sees what, and where, is facilitated.
Item Revision-Level Sharing
As with folders and Items, an Item Revision in a managed content server can also be shared with permitted users/roles. Item Revision-level sharing is only truly configurable through the Explorer panel. It is not fully supported using the Server's browser-based interface. The difference is that through the Explorer panel, you can specifically share individual revisions, whereas the browser interface simply supports Item-level sharing, and if an Item is shared, all of its revisions are shared too.
Those with administrator-level privileges (members of the Administrators role) will be able to see and manage all Item Revisions. For a non-administrative user of the Server, only those Item Revisions that have been shared – i.e. the user has permissions to access – will be accessible when the user signs in to that Server. In addition, non-administrative users of the Server can only share an Item Revision they have created.
Controls for working with permissions at the Item Revision-level are much the same as for defining permissions at the folder- or Item-level. Sharing permissions for an Item Revision can be set up at the time of creating the parent Item, or at any stage after its creation. Sharing controls are accessed from the Item's associated properties dialog. Click the Advanced control to expand the dialog to see the Item's advanced properties, then click the link, located below the Lifecycle Definition field. This will give access to the Permissions For Item Revision dialog - command-central for specifying just how the Item Revision can be shared.
If accessing the
Item Properties dialog for the top-level parent Item, clicking the
Revision Sharing control will access the permissions dialog for the latest revision of that Item. To configure sharing permissions for a previously released revision of the Item, make sure to access the
Item Properties dialog for that specific revision.
Access the Permissions For Item Revision dialog, with which to control how the Item Revision is shared with others.
If the same users/roles permitted to 'see' an Item are also required to 'see' its Item Revisions, use the
Apply to Children option - in the
Permissions for Item dialog (
Explorer panel interface), or
Manage Permissions window (browser-based interface) - when defining the permissions for that parent Item. In this way, permissions are inherited quickly at the Item Revision level. Adjustments can always be made for specific Item Revisions at those lower levels. At the end of the day, full control over who sees what, and where, is facilitated.