Archive for the ‘Security’ Category

Complex PLM Structure Multi-Views in Aras

October 18, 2012

MarcL: Multiple views of structure are the holy grail of PLM. Companies want alternate views to PLM data (e.g. functional view in the early concept and feasibility phase, engineering/design view, production views, purchasing view, service view, and others). Everyone thinks PLM systems should be able to provide multiple integrated views of the structure, but few if any have achieved this capability effectively. People want to be able to compare, display, and/or report the differences between various views of a single or multiple structures and between versions of a structure or structures.

Peter Schroer:

In my experience when you get to the detail level of what people actually want to see in structure multi-view requirements it is unique for each company.  That’s why it’s difficult to predefine the “right” set of views and why so many PLM companies have struggled trying to do this.

At Aras we recognized this and therefore have approached structure multi-views from a modeling perspective. The Aras modeling engine supports the creation of multiple views of structure including BOMs, requirements, manufacturing process, suppliers, quality, etc.

For example, there’s a multi-view of Manufacturing process structures (routing view, quality inspection & test view, risk analysis view) in the Aras solution for Quality Planning.  The views are integrated at the data model level, but different users view the structure via different tabs on the forms.  Any process steps changed in one view, are automatically synchronized with all other views because they are all pulling data from the same source.

Any structure in Aras can be modeled as multiple different views. These views can be displayed, compared and reported as well. When structure views are modeled they flow thru the security model so they are restricted by the data access controls.

If a new material or part is confidential IP and a specific user is not allowed to see it, then the view will automatically restrict this item from that user’s view, but allow them to see a placeholder block so they know there’s something there.    Views are not separate copies of the structure, they are filters of the existing data which prevents synchronization and reconciliation issues.

As with all solution customizations in the Aras modeling environment, we assure that your customizations will work in all future releases of Aras Innovator, and we back this up by doing the upgrades for you when you’re on subscription (upgrade services included no matter how much you customize).

We provide training on how to use, administer and customize Aras Innovator’s structure management capabilities, items and views, as well as, security permissions, classification capabilities and more to achieve self-sufficiency.

For additional information see ‘Structure Management for Complex Products in Aras’ or check out the Posts Tagged ‘Product Structure’ and ‘Customize’.

Federation with ERP, PDM, Legacy Systems and Cloud-based data using Aras

June 20, 2012

MarcL: PLM solution must be capable of integrating with the ERP system so that data is available in PLM such as material costing, inventory on-hand, etc. Please describe how this is possible.

Peter Schroer:

Aras Innovator includes a standard service called Federation. This Web service can be used for integrations with legacy applications (called Federations) that expose attributes from the legacy system, such as Cost attributes in SAP, with the materials data stored in PLM.

For the end-users, they will see a single form, with data in the correct context that has all the information they need to perform a task (or workflow or report) without knowing the actual data storage location of those data.

This data does not need to be view-only, but can be editable as well. It is managed by the same need-to-know security permissions in Aras so the users have access to only the data they are authorized to see, add, update, etc.

Secure Federation capabilities in Aras are not limited to on-premise systems, and can include Cloud-based data sets as well like component databases, compliance validation and other data sets of authority in the Cloud.

The flexibility of the Aras Innovator PLM system even allows federation configurations in which all Part, Material and BOM data are authored in ERP, and PLM is just a viewing portal.

However, most companies prefer to develop parts, materials, cost models and other product data within the PLM solution, and after workflow review & approval, drive this cost data to the ERP once it becomes “Released”.

The same type of system Federation can be performed with legacy PDM / PLM systems in use in your company as well. This can be useful if existing PDM systems are in place at various sites for CAD management, although more robust PLM capabilities are needed for complicated processes like NPDI, enterprise change, supply chain, quality or outsourced manufacturing.

The “right” configuration depends on your organization, business practices, and the level of complexity of your products and development process.

Aras architects and certified partners can help you evaluate your company’s requirements during the initial phase of your deployment and recommend a configuration that is optimized for your company’s specific competitive practices.

We provide training on how to do federated integrations with other systems like ERP as well as how to administer these capabilities.

For more info on these capabilities see ‘Integration and Federation in the Enterprise with Aras’ and ‘ERP, Item Masters and Data Attribute Federation Between ERP-PLM in Aras‘ or check out the Posts Tagged ‘Integration’.

Role-based Workflows, Classification and Security Permissions in Aras

June 8, 2012

MarcL: PLM solutions should allow for the creation of workflows by specific roles (role-based workflow), so that individual users belonging to a specific role or group are guided through a workflow that is tailored for their process requirements.

Peter Schroer:

The entire Aras Innovator platform is a roles-based system including workflow processes.

All Workflow and Lifecycle assignments are made to Identities in the security model.

Identity is an Aras abstraction that resolves to either an individual person, all persons trained to perform a role, or all persons that are members of a group, where groups and roles are also hierarchical.

Classification can be used for different roles / groups by product line, product type, program project, plant, division, doc type or any other designation (or combination of) to guide BPM workflows.

Business rules can of course be based on other attributes for whatever complicated workflow scenario your business requires as well.

We provide training on how to set-up, administer and customize Aras Innovator’s workflows, lifecycles and classification structures as well as security permissions for identities, roles and groups.

For additional information see ‘BPM Workflow Voting, Conditional Process Steps and Dynamic Assignments in Aras’ or check out the Posts Tagged ‘Workflow’.

PLM Solution Tailoring and Customization by End Users in Aras

May 29, 2012

MarcL: PLM solution should support tailoring, configuring and customizing by approved users for specific forms and workflows. Any changes to standard objects should be capable of being monitored and audit trails maintained with notification of changes to designated personnel.

Peter Schroer:

In Aras Innovator’s Model-based engine, access to modify the model (data dictionary, meta-data, etc) is controlled by the same authentication and access control rights as the end-user permissions.

The Aras Innovator PLM platform uses its own security model, to control its customization and administration.

Your company can choose which components of the “Model” (i.e. your company’s PLM solutions) to allow certain groups/departments of users to edit and maintain.

IT or app dev can maintain the entire PLM system or you can choose to delegate portions out to certain end users while keeping control over other parts of the system.

Delegation of the administration for Form Layouts, Workflow Processes, Project Templates, Lifecycle States and other business items are commonly moved out of IT to the power users that are process owners or functional managers with responsibility for process definition.

While responsibility for integrations and more complex system functions is kept under IT’s control.

This division of labor makes administration of a large deployment scope more manageable and creates local “ownership” by end users which encourages adoption and simplifies IT’s help desk duties as well.

Monitoring or oversight of changes made and audit trails is standard Aras Innovator functionality.

All changes made by end users are supportable and upgradable without impacting the customizations.

We provide training for you and your end users on how to tailor, configure and customize Aras Innovator, and you Do Not need to be a programmer or in IT to learn how to do it.

For additional information see ‘Making PLM Forms Look Exactly Like Existing Paper or Legacy Forms with Aras’ and ‘Lifecycle, Workflow and Other Types of Process Management in Aras’.

Electronic Signatures, Workflows, Lifecycles and Security in Aras

May 24, 2012

MarcL: PLM solutions should provide a secure way for electronic sign-off of controlled Parts, CAD documents, specifications and other objects. Please describe how access controls and permissions are combined with meta-data attributes, prevention of modification of released data objects, and other measures, to provide electronic sign-off.

Peter Schroer:

All business objects (Items) within the Aras Innovator platform are controlled by an access rights management service, that complies with the security requirements of our US Gov’t and defense industry customers for “need-to-know” level security.

The security model can be used at the object instance paired with individual user level (only Bob can see Spec#001),  or for simpler administration,  hierarchical groups and roles can be defined which are expressed as patterns that are applied to sets of business objects  (anyone on the Electronics team can see the design files created for the EX-001 new product). Digital rights management (DRM) on the actual files can also be included.

Once the Lifecycle of an Item has advanced to the designated state, the access rights to the Item automatically switch to a Read-only level (normally at Release, but can be anything you specify), that object is completely protected against modifications.

The out-of-the-box CMII compliant processes use the Aras Workflow services with electronic signatures to capture the authorization and approvals.

Once the Workflow has secured the correct votes with signatures,  it automatically promotes the Lifecycle status of the Item to Released (which in turns locks down the access rights).

Approval mechanisms, electronic signatures (passwords and 2nd level passwords or e-signatures), audit trails, and notifications are all standard out-of-the-box capabilities within Aras Innovator.

Aras has built-in capabilities to satisfy regulatory compliance requirements for e-signature such as 21 CFR Part 11 in the Medical Device industry (these settings can be turned on/off of course).

We provide training on how to set-up, administer and customize these capabilities as well.

For additional information on these capabilities see ‘Security Permissions & Access Controls in Aras’ or check out the Posts Tagged ‘Lifecycle’ and ‘Security’.

Security Permissions & Access Controls in Aras

March 26, 2012
Aras PLM Security

Robust "Need To Know" Level Security in Aras

MarcL: Defining and managing security permission access controls in PLM is very important.   Please describe how Aras provides the ability to specify access privileges to specific data (metadata, managed data objects and files) as well as processes for individuals and groups including those outside the firewall like suppliers and customers.

Peter Schroer:

Aras Innovator security, authentication and data access rights model was directly defined by our defense industry customers including the US Army, US Air Force, Lockheed Martin, L-3 Communications, Rolls-Royce Naval Marine and others.

Every business object (item) in Aras is linked to a “need-to-know” access control list which specifies the access rights of each User with that data element.

Aras Innovator out-of-the-box configuration implements data access security to the Item level.  Attribute level security is implemented using view masks, rather than permission controls by attribute.

This design improves performance and simplifies the day-to-day management of data security.  For the end users, the net effect is the same, they will only see the data items, and the attributes of those items that they have permission to work with.  

Out-of-the-box access rights management in Aras covers control of Read, Discover, Update, Create, Delete, and Modify-Rights, for any Data Item by any Identity, where Identity is a hierarchical construct with inheritance of access rights permissions.

All data items in Aras are linked to a hierarchical organization structure that simplifies the task of segregating data that can be managed by one product team versus another team or by customer or by owner.


%d bloggers like this: