You may have heard about operation-based access rules at Siemens PLM Connections and be as excited as I was to start using them. Unlike Access Manager rules which allow a user to see anything by default, OAR takes a different approach and denies access until a rule is applied that allows the user to see an object. This deny by default has many advantages as well as simplying the rules being applied.
Some of you, like me, may have been searching through the Tc12.0 Help collection trying to find out more information about this new approach only to come away with nothing. And the reason is that Siemens left out one very important detail when presenting the concept - it is only supported and can ONLY be used with Active Workspace. So unless your company is exclusively using Active Workspace, you will not be able to utilize this new functionality and leverage its simplicity.
You can only find OAR, its methods and tools, in the Active Worspace 4.0 Help collection:
Pay attention to the Tc12.0 Readme to ensure your new OAR are active in the database:
We have a mix of clients today: 2tRAC (server), 4tRAC (main client application) and AW (development) which prevents us from migrating to OAR. I would be interested in hearing from anyone who is capable and has installed OAR.
NX 11 | SW 2016 | Creo 4 | TcUA 11.4
Evaluating: AW 3.4
Solved! Go to Solution.
Thanks for the heads up. I was excited to see what this had to offer. But this is disappointing if it only works with strictly AWC deployments. I didn't know that AWC can do everything that you can do in the RAC currently. I thought there was some limitations and that would mean the administrators at minimum would need a RAC. I'm going to read through your links and I'll probably have more questions. Looks like I need to get to work on a TC12 sandbox to test the limitations.
Good afternoon, @RandyEllsworth. I first learned about the OAR from you. Thank you for testing it and posting the information here.
It seemed interesting to me that there would be a simpler access control mechanism than the existing Rule Tree. But it seems that this is only at the initial stage of development. I thought they would be available for the entire Teamcenter, not just for AWC.
In addition, judging by the documentation, he needs Linux, Docker and csv2tcxml.perl to install it.
I did not quite understand what is written in the documentation about csv2tcxml.perl, I see there is only an installation command? But I did not see the extraction command?
It seems that it's time for me to start studying Linux and Docker.
@ArthurRM - when you install the csv2tcxml.perl it extracts the data model into 4 different txt files. They are just listing one for the output files (csv2tcxml_config.txt). But what I don't see in the OAR document is what you do with that extraction to make an input. Do you refer to the values in the extracts to create the "base_oar_functions.txt".
I don't know that the documentation on OAR is complete.
Access Control (aka OAR) replaces Access Manager. The two are mutally exclusive.
The administration GUI for Access Control in only exposed in Active Workspace.
The defined rules are applicable to both RAC and Active Workspace.
Customers do not need to be exclusively using AW to use Access Control.
I hope this clarifies things.
The statement that a system must exclusively be Active Workspace did not fit with my understanding.
When a suitable opportunity came up to discuss it with product development, I asked the explicit question regarding RAC. They have confirmed Access Control policies will be honoured in RAC. Access Control can only be administered through Active Workspace but is enforced server side and hence, applicable to RAC.
Maybe the assumption ‘supported meaning it is not supported in RAC’ is where the confusion arose?
Access Control is not ‘supported’ in RAC because it cannot be configured / administered in RAC. Its configuration will impact RAC. The statements provided by GTAC are all correct in this respect.
Given the pre requisite for an Active Workspace enabled system, this might also explain the logic as to why it is in the Active Workspace documentation.