Cancel
Showing results for 
Search instead for 
Did you mean: 

Operation Access Rule (OAR)

Solution Partner Esteemed Contributor Solution Partner Esteemed Contributor
Solution Partner Esteemed Contributor

You may have heard about operation-based access rules at Siemens PLM Connections and be as excited as I was to start using them. Unlike Access Manager rules which allow a user to see anything by default, OAR takes a different approach and denies access until a rule is applied that allows the user to see an object. This deny by default has many advantages as well as simplying the rules being applied.

 

Some of you, like me, may have been searching through the Tc12.0 Help collection trying to find out more information about this new approach only to come away with nothing. And the reason is that Siemens left out one very important detail when presenting the concept - it is only supported and can ONLY be used with Active Workspace. So unless your company is exclusively using Active Workspace, you will not be able to utilize this new functionality and leverage its simplicity.

 

You can only find OAR, its methods and tools, in the Active Worspace 4.0 Help collection:

https://docs.plm.automation.siemens.com/tdoc/aw/4.0/aw_html_collection#uid:xid1284832:index_xid14865...

 

Pay attention to the Tc12.0 Readme to ensure your new OAR are active in the database:

Tc12.0.0.0_oar_data_loader_fix.zip

 

We have a mix of clients today: 2tRAC (server), 4tRAC (main client application) and AW (development) which prevents us from migrating to OAR. I would be interested in hearing from anyone who is capable and has installed OAR.


Randy Ellsworth, Teamcenter Architect, Applied CAx, LLC
NX 11 | SW 2016 | Creo 4 | TcUA 11.4
Evaluating: AW 3.4

19 REPLIES 19

Re: Operation Access Rule (OAR)

Gears Phenom Gears Phenom
Gears Phenom

Randy,

 

Thanks for the heads up. I was excited to see what this had to offer. But this is disappointing if it only works with strictly AWC deployments. I didn't know that AWC can do everything that you can do in the RAC currently. I thought there was some limitations and that would mean the administrators at minimum would need a RAC. I'm going to read through your links and I'll probably have more questions. Looks like I need to get to work on a TC12 sandbox to test the limitations.

 

Thanks!!
Jamie

Jamie Griffis | Teamcenter Architect | Applied CAx, LLC

Re: Operation Access Rule (OAR)

Gears Phenom Gears Phenom
Gears Phenom

Good afternoon, @RandyEllsworth. I first learned about the OAR from you. Thank you for testing it and posting the information here.

It seemed interesting to me that there would be a simpler access control mechanism than the existing Rule Tree. But it seems that this is only at the initial stage of development. I thought they would be available for the entire Teamcenter, not just for AWC.
In addition, judging by the documentation, he needs Linux, Docker and csv2tcxml.perl to install it.
I did not quite understand what is written in the documentation about csv2tcxml.perl, I see there is only an installation command? But I did not see the extraction command?
https://docs.plm.automation.siemens.com/tdoc/aw/4.0/aw_html_collection#uid:xid1284832:index_xid14865...
It seems that it's time for me to start studying Linux and Docker.

Re: Operation Access Rule (OAR)

Solution Partner Esteemed Contributor Solution Partner Esteemed Contributor
Solution Partner Esteemed Contributor
The csv2tcxml conversation is another thing entirely for migrating data. OAR is a substitute for Access Manager as you've stated but only available if you exclusively use Active Workspace. I'm not aware of any customers exclusively using AW and reached out to the community for clarification. I'm glad to introduce the topic before someone gets too far along and finds these severe limitations on their own.

Randy Ellsworth, Teamcenter Architect, Applied CAx, LLC
NX 11 | SW 2016 | Creo 4 | TcUA 11.4
Evaluating: AW 3.4

Re: Operation Access Rule (OAR)

Gears Phenom Gears Phenom
Gears Phenom

@ArthurRM - when you install the csv2tcxml.perl it extracts the data model into 4 different txt files. They are just listing one for the output files (csv2tcxml_config.txt). But what I don't see in the OAR document is what you do with that extraction to make an input. Do you refer to the values in the extracts to create the "base_oar_functions.txt". 

 

aor1.png

 

https://docs.plm.automation.siemens.com/tdoc/aw/4.0/aw_html_collection#uid:xid1284832:index_xid14865...

 

I don't know that the documentation on OAR is complete. 

 

Jamie

Jamie Griffis | Teamcenter Architect | Applied CAx, LLC

Re: Operation Access Rule (OAR)

Gears Phenom Gears Phenom
Gears Phenom

@Jamie_Griffis thank you for the answer, I hope that developers will pay attention to this and complete the documentation. I would like her to become better.

Re: Operation Access Rule (OAR)

Siemens Valued Contributor Siemens Valued Contributor
Siemens Valued Contributor

Access Control (aka OAR) replaces Access Manager. The two are mutally exclusive.

The administration GUI for Access Control in only exposed in Active Workspace.

The defined rules are applicable to both RAC and Active Workspace.

Customers do not need to be exclusively using AW to use Access Control.

 

I hope this clarifies things.

Re: Operation Access Rule (OAR)

Solution Partner Esteemed Contributor Solution Partner Esteemed Contributor
Solution Partner Esteemed Contributor
@NeilEstall funny you should say that since I reached out to the Product Management Team (IR#9225317) as to why the OAR help is only in the Active Workspace help collection and not shown in the Teamcenter 12 help collection. I worked with Bob Donovan initially and he connected me with Sandip Dalvi who is the Product Manager for OAR. I reached out to Sandip but he ignored my emails (and ticket). Here was my email (6-Aug) to Bob/Sandip...

"The requirement that OAR can only be deployed for the Active Workspace client with the rich client NOT supported and also that OAR can only be put into place using Deployment Center has really caught me off guard. None of the presentations at Siemens PLM Connection mention these restrictions and none of our conversations brought these to light. You are going to have some real disappointed folks if these restrictions are true.

It didn’t come to my attention until a customer was looking for it in their Tc12 upgrade and couldn’t find it. I finally found it in the AW Help collection and submitted a ticket to get it added to the Teamcenter Help collection as there is a lot of information about upgrading Tc. See the IR below."

And the previous conversation with Avani Kondragunta (IR#9225317) where I was told...

"OAR is only supported through Active Workspace client. OAR support in rich client is not aligned with our product strategy and hence will not be available in RAC. Hence RAC documentation does not mention OAR, and it is available in Active workspace documentation.

In addition to this, OAR deployment is supported only through deployment center and would not be supported through TEM.

Please let me know if you have any further questions. Otherwise, I will close the IR."

@NeilEstall if you have additional information or have made this deployment yourself then we (the Community) would love to hear about it. I assumed "support" in the above conversations meant supported meaning it is not supported in RAC (or TEM).

On a side note, I had no idea that the Teamcenter help collection was only for RAC. By separating key upgrade tasks in the Teamcenter and Active Workspace help collections drives the NEED for a cross-collection search mechanism. This has been true for a while with TCIN listed in the NX help collection and not mentioned in the Teamcenter collection too. In other words, the help collections are becoming less useful over time (newer software versions). And now that Siemens has stopped publishing key PDF documents (like Tc preferences) in favor of publishing an Admin Data Report (without the underlying package that created it), we implementers stand no chance to search across multiple collections or compare new stuff against our existing environment. I have to say that I'm not happy with where this is heading as I have a lot of customers to "front line" support and get dinged if I'm not able to provide an answer and need to reach out (escalate) to GTAC.

Randy Ellsworth, Teamcenter Architect, Applied CAx, LLC
NX 11 | SW 2016 | Creo 4 | TcUA 11.4
Evaluating: AW 3.4

Re: Operation Access Rule (OAR)

Siemens Valued Contributor Siemens Valued Contributor
Siemens Valued Contributor

The statement that a system must exclusively be Active Workspace did not fit with my understanding.

 

When a suitable opportunity came up to discuss it with product development, I asked the explicit question regarding RAC. They have confirmed Access Control policies will be honoured in RAC. Access Control can only be administered through Active Workspace but is enforced server side and hence, applicable to RAC.

 

Maybe the assumption ‘supported meaning it is not supported in RAC’ is where the confusion arose?

Access Control is not ‘supported’ in RAC because it cannot be configured / administered in RAC. Its configuration will impact RAC. The statements provided by GTAC are all correct in this respect.

 

Given the pre requisite for an Active Workspace enabled system, this might also explain the logic as to why it is in the Active Workspace documentation.

Re: Operation Access Rule (OAR)

Solution Partner Esteemed Contributor Solution Partner Esteemed Contributor
Solution Partner Esteemed Contributor
@NeilEstall careful my friend, you're starting to get me excited about OAR again. It's too bad that Sandip Dalvi never responded as a lot of this could have been cleared up right away instead of persisting for these last several months. Sandip was too busy to present at Siemens PLM Connections too but, thankfully, Bob Donovan stepped up and delivered.

I'll likely set up a cloned environment and attempt to convert Access Manager to Access Control by the end of this month. I'll keep you posted as to my experiences.

Randy Ellsworth, Teamcenter Architect, Applied CAx, LLC
NX 11 | SW 2016 | Creo 4 | TcUA 11.4
Evaluating: AW 3.4