Mask Syntax

Mask files are text files with a .mask extension.

This topic describes:

This page discusses:

Syntax

Keyword Description Example
MASK <id> Starts a mask definition, where <id> identifies the mask. Each file can have a single MASK keyword.

When compiled, the name of the file will be <id>.SecurityMask.

MASK DEFAULT
ENTITY <entity_ name> @inheritsStarts the mask definition for a specific attribute, where:

<entity_name> must be a value of the attribute “Name” of the tag “Class” or “Extension” in the metadata file.

@inherits specifies that this entity inherits from its parent's mask.

ENTITY VPMReference @inherits
ATTR <attribute> ;< mandatory>;< authorized_ required>;< default value>Defines the static access control information about an attribute of the entity, where:

<attribute> is the value of the attribute "Name" of the tag "Simple" in the .metadata file.

Only simple attributes are supported in masks: aggregates and relationships are excluded.

ATTR PLM_ExternalID;Y;N;$
mandatorySpecifies if the attribute is required or not. Values:
  • Y if the attribute is required
  • N otherwise

If the attribute is mandatory in .metadata, it must also be set as mandatory in the mask.

authorized_ requiredSpecifies a constraint on the values of this attribute. Values:
  • Y means the values are the only allowed values
  • N means the user can set a value other than the ones in the list
default_valuePresets this attribute's value at creation time and can be any value, or $ if value is null.

<default_value> cannot be $ if <authorized required> is set to Y.

If authorized values are defined in the mask, the <default_value> MUST BELONG to this list.

VALUE <value>Sets an authorized value for the current attribute.

If a list of enumerated values exist in .metadata, the <value> must belong to it.

VALUE Supplier A
FUNC <operation>Starts the access control information about a pre-defined <operation> for the current entity.

Valid operations are: Create, Write, Read, EZQuery (simple query), Query (extended query), Tree (Tree node id), List.

FUNC Create
FATTR <attribute>For the shown <attribute>, specifies if this attribute is modifiable or not. Values:
  • Y means the attribute can be modified in this operation
  • N means it is not modifiable.
The attribute must be visible in the current operation, and must previously have been declared using the ATTR keyword.

This property is mandatory for any FATTR declarations under any FUNC declarations.

This property should be set to:

  • Y for Create, Write, Query and Ezquery
  • N for Read, Tree and List.

The order of the FATTR declarations in the FUNC section specifies the order in which the referenced attributes appear in the current operation's view.

FATTR PLMExternalID;Y

Rules about IP Protection

The IP Protection declaration in the .metadata file determines if an attribute combination is authorized in a security mask. These rules are enforced by the VPLMPosMaskGenerator tools and any errors reported by the VPLMPosMaskCompiler tool. These are not fatal errors for the compilation process.

ParameterRule
ATTRAn attribute is authorized in a security mask if its Protection attribute is one of these values:
  • ExternalRO
  • External
  • Free
  • User
The <mandatory> declaration in a mask must be Y if this attribute has Mandatory=Yes in the .metadata file.
FATTRIf Protection equals External or ExternalRO, do not make this attribute:
  • Visible in FUNC Create
  • Modifiable in FUNC Write

You can specify either:

  • No corresponding FATTR command
  • FATTR <attribute>;N.

If Protection equals Free or User and <mandatory> is Y, then this attribute MUST be visible in FUNC Create.

The only valid case is: FATTR < attribute >;Y.

This table summarizes the rules for ATTR and FTTR

Metadata FileATTR <mandatory>FUNC CreateFUNC Create
ProtectionMandatoryVisible<editable>Visible<editable>
ExternalYesYYY or NN
ExternalNoY/NNY or NN
Free, UserYesYYYY or NY/N
Free, UserNoYYYY or NY/N
Free, UserNoYYYY or NY/N

Mask Concatenation

Mask concatenation provides a mask override mechanism. When a user logs on, only one mask is chosen (and loaded) according to the first mask found granted on the (in this order):

  • Person
  • Current credentials
  • Current collaborative space
  • Current role
  • Current organization

If more than one mask is granted to the same component, the first mask found in the list of available mask commands is taken. You can use this MQL command to determine the order of masks: list mask::*. You should only grant a single mask to a given object to avoid such side effects.

If no mask is found, the DEFAULT mask is applied. The system does not search any organization or collaborative space hierarchy for any masks.

All entities declared in the chosen mask are subject to access control. All of its attributes must be explicitly declared as accessible. Any attributes not declared are not accessible to that user. Any entities not defined in the mask have no access control applied.

Mask Definition Example

This example describes the effects of security masks. For reference, these samples come from the mask definition of the VPMReference entity in the PRODUCTCFG.mask file.

Mask DefinitionDescription
ENTITY VPMReference

ATTR V_Name;N;N;$

ATTR PLM_ExternalID;Y;N;$

ATTR revision;N;N;$   
ATTR V_version;N;N;$
ATTR minorrevision;N;N;$

ATTR V_usage;N;N;$
VALUE 3DPart

ATTR V_versionComment;N;N;$

ATTR V_description;N;N;$
ATTR C_created;N;N;$

ATTR V_fromExternalID;N;N;$
ATTR V_Scale;N;N;$

ATTR policy;N;N;$
ATTR C_modified;N;N;$
ATTR V_maturity;N;N;$
ATTR LOCKUSER;N;N;$

ATTR V_user;Y;N;$
ATTR V_organization;N;N;$ 
ATTR V_project;N;N;$
The entity type is VPMReference Each ATTR line defines an attribute, if it is mandatory, if only authorized values can be entered, and a default value.
// -----------------------------------------------------------
FUNC Create
// -----------------------------------------------------------
//
// - ordered
FATTR V_Name;Y
FATTR PLM_ExternalID;N
FATTR V_description;Y
FATTR policy;N
// - unordered
FUNC Create defines the available attributes for display for a create or edit operation.
// -----------------------------------------------------------
FUNC EZQuery
// -----------------------------------------------------------
// - ordered
//a) ident
FATTR V_Name;Y
FATTR PLM_ExternalID;Y
FATTR revision;Y
//b) description
//FATTR V_discipline;Y
//FATTR V_usage;Y
//c) state of dev
FATTR C_modified;Y
//FATTR LOCKUSER;Y
//d) owner
//FATTR V_user;Y
//FATTR V_organization;Y
FATTR V_project;Y
// - unordered
FUNC EZQuery defines the attributes in the "Easy" panel (the most-used list of attributes for query).
// -----------------------------------------------------------
FUNC Query
// -----------------------------------------------------------
// - ordered
//a) ident
FATTR V_Name;Y
FATTR PLM_ExternalID;Y
FATTR revision;Y 

//b) description
//FATTR V_discipline;Y
FATTR V_usage;Y
FATTR V_versionComment;Y
FATTR V_description;Y
FATTR C_created;Y
FATTR V_fromExternalID;Y
FATTR V_Scale;Y

//c) state of dev
FATTR policy;Y
FATTR C_modified;Y
FATTR V_maturity;Y
FATTR LOCKUSER;Y

//d) owner
FATTR V_user;Y
FATTR V_organization;Y
FATTR V_project;Y

// - unordered
FUNC Query defines the attributes for the "Extended" and "Expert" panels (all queryable attributes)
// -----------------------------------------------------------
FUNC Read
// -----------------------------------------------------------
// - ordered
//a) ident (used for Properties Read & List) Inacceptable as first in List Mode... so removed.
FATTR V_Name;N
FATTR PLM_ExternalID;N
FATTR revision;N  

//b) description
//FATTR V_discipline;N
FATTR V_versionComment;N
FATTR V_description;N
FATTR C_created;N
FATTR V_fromExternalID;N
FATTR V_Scale;N

//c) state of dev
FATTR policy;N
FATTR C_modified;N
FATTR V_maturity;N
FATTR LOCKUSER;N
//d) owner
FATTR V_user;N
FATTR V_organization;N
FATTR V_project;N

// - unordered
FUNC Read controls the displayable attribute list for presenting the results of a search.
// -----------------------------------------------------------
FUNC Write
// -----------------------------------------------------------
// - ordered
//a) ident
FATTR V_Name;Y
FATTR PLM_ExternalID;N
FATTR revision;N  

//b) description
//FATTR V_discipline;N
FATTR V_versionComment;Y
FATTR V_description;Y
FATTR C_created;N
FATTR V_fromExternalID;N
FATTR V_Scale;N

//c) state of dev
FATTR policy;N
FATTR C_modified;N
FATTR V_maturity;N
//FATTR LOCKUSER;N

//d) owner
FATTR V_user;N
FATTR V_organization;N
FATTR V_project;N
FUNC Write controls the modifiable attribute list.

PLMCORE.CATNls and PLMABSTRACT.CATNls Files

The attribute names contained in the .mask file are different from the attribute names displayed in the panels. The attribute aliases are not contained in the mask definition, but are contained in CATNls files (on the native app client in the directory):

<os>/resources/msgcatalog

The CATNls files must be provided with the metadata and mask files. The aliases must conform to this format:

  • Modeler: <modeler name> = "<modeller alias>" = ;
  • Entities: <modeler name>.<PLM core type> = "<entity alias>";
  • Attributes: <modeller name>.<PLM core type>.<attribute name> = "<attribute alias>";

where <PLM core type> is one of these:

  • PLMReference
  • PLMCoreReference
  • PLMCoreRepInstance
  • PLMInstance,
  • PLMCoreInstance
  • PLMCoreRepInstance
  • PLMPort
  • PLMConnection