Disabling a user from publishing to CONNECT Portal

A Semi-Government organization is standardised on the v8i platform. The team likes all the new features in MicroStation CONNECT except its ability to allow a user to publish and share files via Bentley Portal, as it goes against their security policy. What are the different options available to block a MicroStation CONNECT user from publishing to Bentley Portal and sharing the data?

  • Hi - You can control who accesses Projects and has Project Share rights.  This is done via the Role Based Access Control.  Here is a Wiki article on it.  Restricting Personal Share is something only Bentley can do for an account, which is why the Service Request was needed.

    https://communities.bentley.com/communities/other_communities/sign-in_assistance_and_web_services/w/wiki/33585/role-based-access-control

    Thanks

  • Glen,

    It seems as though restricting the Personal Share is also something that the administrator should be able to control, either through the Role Based Access Control, or some other mechanism, without the need for a service request. It isn't hard to imagine a case where someone needs to have access to project files TODAY, but can't work on the project until the service request is completed tomorrow, or even later. Is there any chance that this capability can be added to the administrator's tools?

  • Thank you for sharing the wiki article. We are already aware of the role based access control, but these types of controls need to fully integrate with the role based permissions used in the day to day management of the enterprise, e.g. Active Directory based roles and permissions, so that the project and role based permissions in the Bentley cloud services can be inherited from our existing management systems. I am aware that some of the items are in the pipeline - hopefully this can be accelerated as it is a major gap for enterprise at present.

    Additionally in relation to personal share - if Bentley are unwilling or unable to provide administrator access to enterprises to disable personal share the minimum expectation is that enterprise is able to run an audit log/ report on all shares originating from users on our domain. 

  • Paul,

    Personal Share is scheduled to be deprecated by the end of Q1 next year.  You can already share content with external users as long as they’re part of an existing IMS Organization and maintain security via RBAC.  Early next year we’re adding the ability to invite users who are not part of an IMS org in order to allow you to broaden your coverage to your entire supply chain.

    We plan to add AD Group support through IMS once it supports it.  We'll then be able to add roles to users and groups that are synched with AD via IMS. 

    We're also about to introduce Enterprise Level RBAC where we can assign Roles to users at the enterprise level and have that role follow the user through Projects and Assets.  It will also begin to offer some control over Admin level features for some of our cloud services.