Troubleshooting EPDM Permissions

Anyone who works with SolidWorks Enterprise PDM (EPDM) knows that there are multiple factors that play a role in user permissions. Sometimes it can be difficult to determine the kind of permission to apply to achieve a desired result or to find the setting that is causing an undesired behavior. So let’s dig in to the EPDM security model and take a look at the different criteria that EPDM uses to provide access to files. 

There are four main criteria that determine a user’s effective rights/permissions on a file in EPDM (these determine what the EPDM security model is capable of):

• Folder/Project Location
• Version/Revision State
• Workflow State
• Individual File Access

Folder/Project Location

Folder/Project level permissions are set, as are all permissions, through the EPDM Admin Tool. These permissions can be set at the user or group level. It is always best practice to set permissions at the group level and not on individual user accounts. The first troubleshooting item to look at is group membership. If Person A and Person B are in different groups and Person A can see the file but Person B cannot, look at the group level permissions and compare the Folder/Project permissions to see if they match for the relevant files and location.

Version/Revision State

The version/revision settings refer to “show working versions.” If this box is checked, the users can see the “working versions” meaning versions of the files. If this box is unchecked, the users can only see files that have a revision created for them. Typically, this box is checked for engineering and design, but unchecked for downstream groups, as they only want or need to see things that are in a production released revision.

Workflow State

The workflow states also have a set of permissions that allow the user to see or edit the file. These permissions must be set for each state of the workflow for each User Group in the system. There is also a push button icon (that looks like a white gloved hand) on each state that says “ignore permissions from previous states.” This is an important option to understand. If in State A you have creation and editing rights and in State B you have delete/destroy rights, clicking “ignore permissions from previous states” will allow a file to be destroyed in State B even though in State A it cannot be destroyed. If this option is left turned off, the file cannot be destroyed in either state.

Individual File Access

Individual File level permissions are always tricky to deal with. A user with this permission can use the File Permissions tab in the Properties dialog box to select groups that will have file level access. Only users who are in the selected groups and have the appropriate folder and workflow state permissions will be able to access the file. Users who are not in the selected groups will not see the file regardless of their folder and state permissions. This last sentence is key to understand. An EPDM administrator can spend hours trying to determine why the files are invisible to a certain user or group when all the “obvious” settings mentioned in the above paragraphs have been double or triple checked.

Security and effective permissions troubleshooting can be frustrating, so hopefully this information will help you when you’re called upon to determine why “Bob can’t see that file.” Likewise, if you’re just getting started with an EPDM implementation, give your security model significant consideration before deploying, and err on the side of a simpler schema. If you have further questions about EPDM permissions and the EPDM security model, please contact us. And if you have any novel techniques for troubleshooting or working with EPDM permissions, please leave us a comment and share your ideas with the community.

Tags: Enterprise PDM, EPDM, implementation, PDM, PDMWorks Enterprise, permissions, security, security model, workflow