Collaboration Access Rights

Collaboration Access Rights is the logical capability of granting, denying, and auditing who can do what to which product data, across an extended enterprise of internal engineering teams, manufacturing partners, contract design houses, and regulators. It is the security substrate that makes Document Vault, Collaborative Product Commerce (cPDm), and supplier portals safe to expose beyond the firewall.

What it covers

• Identity and authentication — SSO/SAML/OIDC integration, MFA, federation with corporate directories (LDAP/Active Directory, Okta, Entra).
• Authorization models — role-based (RBAC), project-based, attribute-based (ABAC), and rule-based access on items, BOMs, documents, change records, and CAD files.
• Object-level rules — read / write / release / approve / delete, plus promote-to-status gating and override paths through the Change Control Board (CCB).
• Partitioning and segregation — ITAR / EAR project partitions, customer-program walls, joint-venture compartments, “Chinese-wall” separation between competing customer programs.
• Supplier and customer portals — limited-scope external accounts, watermarking, time-bounded shares, signed-link downloads, IP-protection wrappers.
• License-aware access — many PLM platforms tie what you can do to what you are licensed to do (read-only viewer vs. author vs. configurator), which collapses pricing and access-control into a single matrix.
• Audit, traceability, and e-signature — every read / change / release recorded for 21 CFR Part 11, ISO 13485, and AS9100 compliance.

Why it sits in the logical layer

It is vendor-neutral: every PLM system from Teamcenter and Windchill to Aras and 3DEXPERIENCE ships its own access-control model with the same primitives — users, groups, projects, objects, lifecycle states, and rule expressions. This note describes the capability; the products implement it.

Relationships (see sidebar)

• Implemented by every full-featured PLM platform — Teamcenter, Windchill, Aras, 3DEXPERIENCE/ENOVIA, SAP PLM, Oracle Agile, PTC Arena.
• Conforms to 21 CFR Part 11 (electronic signatures), ITAR / EAR (export-controlled segregation), and CMMC (defense-industrial-base controls).
• Supports Supplier Development, Release Management, and Regulatory Submission — none of which can run without enforceable access controls.
• Synonym of the access-control sub-capability inside Document Vault; broken out here because it spans well beyond documents (BOMs, change records, CAD geometry, project workspaces).