Overview

Aras Innovator provides the flexibility to give administrators many options when controlling permissions and access. Mandatory Access Control (MAC) is designed to provide access control to Items based on properties of the Item being requested, and properties of the user requesting the Item. MAC Policies can be created for several different use cases where a user’s properties (Clearance Level, Citizenship, Location, etc..) determine access rights to Items which may also have various restricting properties (Classification, Ownership, Cost, etc.).

In addition to properties directly on Itemtypes and users, attributes can be derived from related items and used in conditional logic for the access control policy. For example, a policy may want to derive a list of security level restrictions from all referencing Projects for a Part.

Custom logic can also be used to determine environmental conditions, like time of day or other customer-specific requirements. All of these features empower administrators to implement a flexible and robust security scheme.

This overview provides a conceptual understanding of MAC Policy. Section 2 will guide you through the process of creating MAC Policies with step-by-step instructions.