Introduction to Access Control

aPriori provides an Access Control feature that allows administrators to define which users can perform which actions on what object types (resources). This means that you can define a security model that reflects your organization's needs, so that access is permitted or denied based upon corporate structures such as regions, divisions, projects, etc.

Note: aPriori strongly recommends that you contact aPriori Professional Services for assistance in creating and deploying an Access Control environment for your site. You can use the information in this chapter to learn Access Control basics in a test environment, but Professional Services will be able to help you develop and implement an Access Control mode customized for your production environment.

This chapter explains how to configure Access Control. There is also a short chapter in the aPriori User Guide that explains Access Control at a very high level for your end users who work in the Access Control environment that you configure. The User Guide chapter also contains information that administrators will find helpful regarding day-to-day use of Access Control, and how to interpret error messages and log files to troubleshoot Access Control issues.

As an aPriori administrator, you can:

• Provide granular access to different types of resources such as components, roll-ups, and VPEs.

• Control the actions that users can perform on these resources, such as create, read, update, delete, or cost.

• Organize users into groups and sub-groups and assign access control permissions to those groups.

In previous releases, aPriori has provided rudimentary access control of component and VPE data. This has been implemented through the mechanism of distinct component database schemas and distinct VPE schemas, which allow you to broadly segregate users and the components they cost, as well as the VPEs used to cost them. This is useful if you have multiple divisions which should not share information, or which are required to segregate products and components due to regulations. But as of aPriori Release 2015 R1, the Access Control feature provides much finer-grained control of groups of users to resources such as VPEs, parts, assemblies, and the different types of roll-ups.

Note: By default, Access Control for a new or upgraded installation of aPriori is configured to emulate the legacy approach of distinct component and VPE schemas. Sites that choose not to implement Access Control should see little or no difference in behavior after installing or upgrading.