Credentials in 3DEXPERIENCE: Roles and Access
Information extracted from the User Assistance
In a collaborative space, managing access and permissions is essential. In the 3DEXPERIENCE platform, credentials comprise a collaborative space, a role and an organization, and define the content a user can access and the actions they can perform.
What are credentials?
When users log in, they select a collaborative space, role, and organization. This combination is called credentials. Credentials determine the user's access rights and the scope of content available to them.
Users may be authorized for multiple collaborative spaces but are only connected to one set of credentials at a time. While users can be assigned multiple roles within a collaborative space, this is generally discouraged due to the hierarchical nature of role access.
How roles work
Roles dictate what content users can access and what operations they can perform, such as searching, viewing, creating, or deleting content. Each role inherits the permissions of the roles below it.
Example role hierarchy:
- Reader: Can view content and create personal management items (Favorites, Personal Folders).
- Contributor: Inherits Reader rights and can create evaluation content (Reviews, Simulations).
- Author: Inherits Contributor rights and can create definition content (Requirements, CAD, EBOM Part, etc.).
- Leader: Inherits Author rights and can create design resources (Libraries, Project Templates).
Restricted roles (e.g., Reader Restricted, Contributor Restricted) limit read access to content owned by the collaborative space and organization but otherwise function like their regular counterparts.
Administrative roles
Administrative roles provide broader access and management capabilities:
- Owner: Can read all content in a collaborative space, create administrative resources, manage resources, and modify properties for repair or exception tasks.
- Administrator: Inherits all Owner rights across all collaborative spaces, manages company resources, and can modify any property in the 3DEXPERIENCE 3D Space service.
- Owner Restricted: Restricts read access to content owned by the collaborative space and organization, with the same capabilities as a regular Owner.
Use case
It makes sense to check the user's credentials before they use an application that modifies or adds geometry. The idea is to inform the user that, with the current credentials, it is not possible to save data. This avoids the situation where a user has been working for some time, only to find that they cannot save to the database. 🙁
Function to check if the active user has write rights
' Comma-separated role IDs that are treated as having write rights.
Const VALID_WRITE_ROLES As String = "VPLMCreator,3DSRestrictedAuthor,VPLMProjectLeader,3DSRestrictedLeader"

' Checks if the currently connected user has write rights based on their role.
' Returns True if the user's role is in the list of valid write roles.
' On any error the function returns its default value, False.
Function HasUserWriteRights() As Boolean
    On Error GoTo ErrorHandler

    Dim PnoService As PnoService
    Set PnoService = CATIA.GetSessionService("PnOService")

    Dim ConnectedPerson As Person
    Set ConnectedPerson = PnoService.Person

    Dim ActiveRole As String
    ActiveRole = ConnectedPerson.RoleID

    ' Exact, case-sensitive match of the active role against the list.
    HasUserWriteRights = ValueInList(ActiveRole, Split(VALID_WRITE_ROLES, ","))

ErrorHandler:
    Exit Function
End Function

' Checks if a given value exists in the provided list (array).
' Returns True if found, otherwise False.
Private Function ValueInList(Value As String, List As Variant) As Boolean
    ' An invalid list or an empty value never matches.
    If Not IsArray(List) Then Exit Function
    If Len(Trim(Value)) = 0 Then Exit Function

    Dim i As Integer
    For i = LBound(List) To UBound(List)
        If StrComp(List(i), Value, vbBinaryCompare) = 0 Then
            ValueInList = True
            Exit For
        End If
    Next i
End Function

' Entry point: shows True or False for the current credentials.
Sub CATMain()
    MsgBox HasUserWriteRights
End Sub
In a future post, we will learn how to check whether files are locked and who locked them.