Users, passwords, and group membership are managed by EPLAN in a central file (the rights database), which may lie on a server in a networked environment. The location of the file is defined using a setting at installation time (local location). In the case of a network installation we recommend the use of UNC paths. Only the EPLAN administrator can change the setting for the storage location.
The content of the rights database is obscured, so that it is not possible to directly view the user names and group membership. Passwords are stored in encoded form.
Warning:
If the rights database is missing or inaccessible then EPLAN cannot be started. The rights database must still be available even when EPLAN is being operated without rights management.
Installation and definition of rights
When using the EPLAN rights management, the local file INSTALL.XML and the rights database should be protected from direct user access at an operating system level, to hinder any possible manipulation. If the rights database is write-protected, this will be displayed in the heading of the Rights management dialog. If you carry out modifications in a write-protected rights database, these will not be saved, and a system message is generated.
For each workstation, the administrator defines the directory for the rights database and other configuration files.
Two possibilities exist in a network environment:
Local installation (maximum dropout safety)
If the rights database is on a local drive, then the users can still work locally when the server is not accessible. This is the default setting when installing EPLAN.
If the EPLAN rights management is used, then the administrator can synchronize the rights database and the configuration files using a file share on the workstation.
Network installation (maximum security)
If the rights database is installed on a server, then the rights can be centrally managed without having to then copy the files to the workstations. If a server failure means that the rights database cannot be found, then further editing of data in EPLAN is possible until EPLAN is closed.
Assignment of editing rights
The division of the processing steps is different in each company and depends on working methods, project, knowledge level of the user, etc. The users obtain their rights by belonging to one (or more) group(s). The permitted editing rights can be assigned to the user groups by the administrator. The groups give their assigned rights to all users in the group. Some predefined user groups with predefined rights are delivered with EPLAN. The groups "Administrators" and "Guests" cannot be deleted, and the "Administrators" group cannot be edited.
The rights management can be used to lock dialogs, menu items, and toolbars in the user interface. The individual rights are represented in a tree structure; this allows the rights to be assigned on a block basis, but individual subordinate points can also be excluded. If certain rights are revoked from a user group, the associated menu items will be grayed out. One exception is menu items that are used in other parts of the program (such as Copy or Delete). These will still be available. If the user calls up these actions, a message is displayed that the editing is not possible due to settings in rights management.
Moreover, rights assignments can be extended to dialogs. If a dialog is blocked for a user group, the group members can open the dialog but cannot edit any data or documents. The settings dialogs are an exception: These are hidden if they are blocked for a user group.
API actions can also be assigned or blocked.
See also