About Credentials

When a user logs in, the user selects a collaborative space, role, and organization. This combination is called the user's credentials and it controls the content that user can access.

A user can be authorized to work on different collaborative spaces, but is only connected to one set of credentials at a time. You could give a user multiple roles in a collaborative space, but because role access is hierarchical it does not make sense to assign a user more than one role.

The examples in this topic apply to viewing content using the baseline access rules. The access rules defined in Configuring Content Security and Business Processes allow you to change the baseline access rules that determine which users can access content, based on organization, role, or collaborative space.

When you add a person to a collaborative space, you select the access role they have for that collaborative space. You can assign a person to multiple collaborative spaces, and they can have different roles in different spaces. At login, the user selects a single collaborative space that becomes the active collaborative space. Any other collaborative spaces that the user belongs to are passive. In general, users can manage content only in the active collaborative space.

Users can access content owned by the collaborative space and organization of the user's active credentials. For any of the user's passive credentials, they can view (but not modify) content as long as the content is defined as public and the organization that owns the content is the same organization as the user's active credentials, or a parent of that organization.

For example, your 3DEXPERIENCE platform could be defined to include:

This configuration includes two organization hierarchies, where Org 1 through Org 4 is the host company, and Org A and B are an associated company, such as a supplier. The configuration includes three collaborative spaces. When you create your users, you declare the organization they belong to, and what role they have within each collaborative space. Some users might be assigned roles in a single collaborative space. Users from either organization hierarchy can be added to any collaborative space.

Content is owned by the organization and collaborative space (and the user who created it). Content can be public or private. If a user logs in with the Public Reader role, that user can only access public content owned by both the collaborative space and organization of the active credentials.

For aggregated content, objects have the same ownership as their master parent object.

Examples

For example, a user logs in using these values:

  • Any of these roles: Reader, Contributor, Author, Leader or Owner
  • Organization: Org 1
  • Collaborative Space: CSpace1

This user can access public and private content owned in CSpace1 regardless of the organization that owns the content, including Org A or Org B. This access is called cross-organization visibility. This user can also access public content owned by Org 1 in CSpace2 and CSpace3. For content owned by the collaborative space of the active credentials, the user can access all content regardless of the organization that co-owns the content. This access is called cross-collaborative space visibility. For content owned by the organization of the active credentials, the user can access all public content in other collaborative spaces.

Or, a user could log in using these values:

  • Any of these roles: Reader, Contributor, Author, Leader or Owner
  • Organization: Org 2
  • Collaborative Space: CSpace1

This user can access public and private content owned by CSpace2, and any public content owned by Org 2 in other collaborative spaces. In addition, the user can access public content owned by Org 1 in any collaborative space, because organizations inherit access from parent organizations.
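
The baseline view rules described in this topic, written as a small decision function. This is an added example, not code from the 3DEXPERIENCE platform. The class and function names, the modeling of passive credentials as a set of space memberships, and every hierarchy link other than Org 2 under Org 1 are assumptions.

```python
from dataclasses import dataclass

# Constructed hierarchy (child -> parent). Only "Org 2 under Org 1" is implied
# by the page; the remaining links are assumptions for illustration.
PARENT = {"Org 2": "Org 1", "Org 3": "Org 1", "Org 4": "Org 3", "Org B": "Org A"}
FULL_ROLES = {"Reader", "Contributor", "Author", "Leader", "Owner"}


@dataclass(frozen=True)
class Credentials:
    role: str
    org: str
    cspace: str                       # active collaborative space
    passive: frozenset = frozenset()  # other spaces the user belongs to (assumed model)


@dataclass(frozen=True)
class Content:
    org: str      # owning organization
    cspace: str   # owning collaborative space
    public: bool


def org_and_ancestors(org):
    """Return org followed by every parent above it; stops if a cycle is found."""
    chain = []
    while org is not None and org not in chain:
        chain.append(org)
        org = PARENT.get(org)
    return chain


def can_view(creds, item):
    """Baseline view decision for one content item under the active credentials."""
    if creds.role == "Public Reader":
        # Only public content owned by both the active space and the active org.
        return item.public and item.cspace == creds.cspace and item.org == creds.org
    if creds.role not in FULL_ROLES:
        return False  # unknown role: deny by default
    if item.cspace == creds.cspace:
        # Active space: public and private, whichever organization owns it.
        return True
    # Passive space: public only, owned by the active org or one of its parents.
    return (item.cspace in creds.passive and item.public
            and item.org in org_and_ancestors(creds.org))
```

Running a matrix of credentials against sample content with a function like this is a quick way to review who would see a private or supplier-owned object before changing the baseline rules.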