Securing an Include Project

This section describes a "real-world" situation that might require read-only privileges to be applied to an include project.

In this situation, an OEM has configured and delivered an include project that is part of a larger (top-level) project. Because the OEM engineer is solely responsible for maintaining the include (and only the include) project, the site administrator assigns the OEM engineer read-write access to the include project, but read-only access to the top-level project. Conversely, the site's regular engineers can access the top-level project but not the include project.

This scenario is shown here:

To set up this scenario the administrator does the following:

1. For ease of administration, assigns the site engineers to the user group AcmeTopEngineers.

2. Note: Because there is only one OEM engineer, the administrator did not create a user group for this single user.

2. Selects the project folder of the top-level project and displays its properties.
3. Selects the AcmeTopEngineers user group and allows read-write privileges for this folder. (Remember that in order to use read-write projects, read, write, and delete privileges needs to be assigned.)
4. Applies and saves the changes.
5. Selects the include project.
6. Selects the user name of the OEM engineer and allows read-write privileges for this folder.
7. Applies and saves the changes.
8. Reviews the changes made to verify the correct privileges have been assigned. In particular, the administrator has to confirm that the privileges assigned to the AcmeTopEngineers user group deny read-write access to the include project.

See Also