Menu
I had a call today with a customer that I just have to share with you. It’s one of those topics that lots of administrators dread to think about: Granting external access to your PLM system.
Let’s face it. Your PLM system is the gateway to all of your product designs, history and intellectual property. If you don’t have it properly locked down, it can be bad. In this case, for this customer, bad was pretty bad.
It turns out that, while the customer thought that their Contract Manufacturer (CM) could only read parts and documents that the CM was responsible for manufacturing, there was actually no restriction at all, except for Change Orders. The CM could only read change orders that were assigned to them. My customer mistakenly thought this meant the CM could not read any parts or documents, unless they were associated with an ECO to which they had been granted access.
What they didn’t understand was that, in their PLM system, the privileges to read parts and documents were completely separate from the change order privileges.
Here’s the kicker. They had about a dozen CMs all set up the same way.
In the case of my customer, the CM roles had been deployed over ten years ago. Each time there was a new CM, an existing role was used as a template to create a new role. Makes sense, right? There was of course a problem. The original role was never set up properly in the first place due to a misunderstanding of how the privileges worked. Each time a new CM was added, the mistakes were replicated. And when a new administrator took over the system, the same incorrect knowledge was passed on.
All of this could have been avoided by proper ‘use case’ testing at the time of initial deployment or, at the very least, when a new CM was set up.
Additionally, if there had been a regularly scheduled review of CM access, this could have been caught years ago, the roles would have been changed, and appropriate testing procedures would have been mandated.
There are many steps to setting up external access in any enterprise system for a company. If you skip or skimp on any one step, you could wind up with unexpected and unwanted results.
Once established, it’s good practice to review the CM’s access from time to time, to confirm what has been deployed still represents what is needed and has been approved.
1. You must have deep knowledge of your PLM’s recommended methodology for deploying read privileges. In some systems, they may need to be combined with discover privileges as well. Know your system’s limitations and strengths when it comes to managing permission sets.
2. You must have well-defined parameters as to what you do and do not want your external users, such as CMs or other contractors, to be able to read. Think about what file types they should have access to, any other limitations you may want to impose.
3. Deployment in a test or sandbox environment is critical. This allows both the administrator and the test users to work as needed without having an impact on your production environment.
4. Yes. I said test users. It’s imperative that someone(s) with a good understanding of the parameters determined in step 2 log in as a test user who has been assigned the external access roles. All of the parameters need to be tested to confirm the test user can do no more and no less than what has been defined. Nothing takes the place of hands-on testing.
5. Once testing is complete and any issues resolved, deploy the solution to your production environment.
6. Once deployed in production, there is likely ongoing maintenance that will need to be performed by your users to grant access to records as needed. Make sure your users are trained in how this works so they have a thorough understanding.
7. A regular audit of CM access roles, including hands-on testing, will let you know that the external access setup is being properly maintained
If this sounds like a lot of work, remember what’s at stake. You don’t want to be the one who leaves the barn door open and lets all the thoroughbreds escape. It’s OK to reach out to your service partner for help on this one. This is exactly the kind of thing we’re here for.
Your PLM service partner will have expert knowledge of how permission sets are deployed for your specific system. If an external access infrastructure is not already built in, they’ll know the best way to get one established.
Finally, if you have external access set up today and you haven’t done a review of it lately, block out time on your calendar to do that now. If it goes well, you’ll sleep better. If it doesn’t… you have our number.
We are a premier PLM (Product Lifecycle Management) solution provider. With decades of industry experience, we offer a spectrum of services, from consulting to system implementations and support. Our dedicated team collaborates with clients to understand their corporate goals, identify challenges, and devise strategic solutions to ensure success in the evolving digital landscape.
Take the guesswork out of PLM transformation.
Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit
Let’s advance your PLM capabilities. Contact us today.
Copyright © 2023 Domain Systems, Inc.
All rights reserved
