Protected Properties
Overview
Protected Properties enable independent control of IP and Property metadata permissions. Users and groups might be granted read permission on properties and write permission on the IP, or certain property values might be hidden from users altogether, while the user is still allowed write or read access to the underlying IP.
Protected Properties are supported on Libraries, IPs, and custom objects. Permissions are set on Property sets. The Properties included in those sets are governed by the Property set permissions. Configuring permissions on Property sets is optional. Any existing non-protected property sets continue to function as they always have.
In order to set up property protection, you must:
-
Change the status of exiting property sets you want to protect from unprotected to protected or create new protected property sets.
-
Grant permissions to users or groups for each protected property set.
Property protection and associated access permissions is currently configured only using the public API. Future release will enable directly configuring protected properties via IPLM Web and IPLM CLI.
Considerations
-
Support for configuring property protection is only available using the public API.
-
By default, the protected property set field is disabled, and all existing properties are unprotected.
-
Any protected property sets without set permissions will not be viewable by any non-admin user.
-
Before you begin, take inventory of the property sets you want to set as protected and unprotected, as well as determine permissions for each protected set.
Enable protected properties
By default, property protection is disabled for all existing property sets within IPLM. Before you can begin the configuration, an admin must enable the protected field on a property set using the public API. Once protected, you can configure permissions on each protected property set.
Configure permissions for users and groups
Grant permissions to users and groups for each property set you set to protected.
Permissions
| Permission | Description |
|---|---|
| Owner | Owner permission allows non-admin users to configure permissions for users and groups on a property set. A user given Owner permission will also have Read permission to the property set. |
| Write | Write permission allows editing the values of properties in that set when the set is attached to a Library or IP. A user given Write permission will also have Read permission to the property set. |
| Read | Read permission allows viewing but not editing the values of properties in that set when it is attached to a Library or IP. Removing Read permission for a user or group will also remove owner and write permission for that user or group to that set. |
Permissions considerations
-
If two or more protected property sets both contain the same property, one that has granted permissions and a second that does not have permission, the user will have permission to that property set.
-
If a protected and an unprotected property set both contain the same property and both are attached to the same IP or Library, no permission restriction will exist for that property on that IP.
-
A user or group will always have access to the most permissive access that two or more protected property sets attached to a Library or IP grant.
Attach or detach protected property set
An admin or user with Owner permission can attach or detach a property set to Libraries, IPs, and custom objects.
Changes to protected field on a property set
-
Disabling the protected control will remove any configured permissions on that property set.
-
Enabling the protected field will not add any permissions to the newly protected set, these must be configured separately.
allowWriteonTargetRead control
allowWriteonTargetRead control enables users with property set write permission to a property to write property set values when they have read permission on the IP. If this is not set, a user needs write permission on the IP and the property set to edit the property values of that set.
IPLM Web and IPLM CLI do not currently support allowWriteonTargetRead control.