Helix IPLM access control

Helix IPLM controls access to the Libraries, IPs, and lines it manages. These permissions can be pushed to external systems, enabling synchronization between Helix IPLM and DMs or other external systems.

Workspace IPs, whether cached or in the local workspace, can be configured with an appropriate OS group automatically. Cached IPs can additionally be controlled via ACLs if desired.

Permissions

Helix IPLM provides View, Read, Write, and Owner control over Helix IPLM objects. Permissions can be set on IPs, Library memberships, and IP Hierarchies. Permissions set in Helix IPLM can be propagated to external systems, including the DM managed by each IP. This provides a single point of control for IP Access management.

Users and groups can be populated from external systems such as LDAP and AD.

See Permissions management for examples of listing permissions based on an IP Hierarchy and of setting permissions directly via IPLM Web.

Geofencing for IPs

Geofencing allows you to restrict access to IPs based on the user's current geographic location (geo), which is determined by their IPv4 address used to access the platform. This means that a particular user can access an IP while they are in an allowed geo, but the same user would be blocked when accessing the platform from a restricted geo. This can help you comply with ITAR and export control restrictions that regulate the release of controlled technology and information, regional license control, and securing confidential technology and information. See Enabling geofencing for more information.

Workspaces and IPLM Cache

IPs that are populated into workspaces can have a specific OS group set when the workspace is built. This can be used to limit access when the IP data is on disk. The group to use for each IP is set via the 'unix-group' Project Property, which is described on the Traceable workspaces page. IPLM Cache additionally supports setting ACLs on IPs populated in the cache.

Partial permissions

Users may not have permission to see all IP data in the project hierarchy. If a workspace is loaded from an IP Hierarchy, any IPs for which the user lacks access will be omitted from the workspace. The workspace will function normally in the absence of the missing IPs. Releases can be made and updates brought in. This allows the same project hierarchy to be used for all users, simplifying the task of managing project access. See Workspaces and permissions for more information.