Xavor Logo
Book a Call
Case Study

Orcale Agile to Aras Innovator Migration: Enabling Secure, Dynamic Partner Access in Manufacturing PLM 

Solution

Access Control Automation | PLM Migration

Industry

Manufacturing

Core Technology

PLM

Overview

A critical requirement within PLM systems is secure and controlled data access, within the organization, and without, i.e. external partners. 

As part of their PLM modernization mandate, a strategic migration from Oracle Agile PLM to Aras Innovator was in order for our client, a global manufacturing giant in digital cinema technology.
 
Despite Aras’s power flexibility and configurability, implementing dynamic, field-based access control for partner users posed a key challenge during the migration. Standard configurations alone could not achieve that, and a more specialized approach was in order. Harnessing Aras Innovator’s advanced capabilities, Xavor designed and implemented a scalable, secure, and dynamic access control solution. 

Business Challenge

The client, a global leader in the media technology manufacturing space, required a highly controlled partner access model with the following conditions: 

  • External partner access limited only to items and related changes in the Released state  
  • All Unreleased parts to remain invisible, even if associated to the respective partner
  • Dynamic access adjustment based on field-level values  
  • Strictly restricted modification rights:
    Objects editable only by the group defined in a specific field.
    No modification allowed for all other users, even with general access 
  • An additional usability challenge post migration was visibility for partners into historical released revisions. 

There is robust access control through identities and permissions in Aras Innovator, out-of-the-box,. However, the client needed: 

  • Dynamic, context-driven access
  • State-based visibility control  
  • Field-level conditional logic  
  • Granular edit restrictions 

This necessitated a customized solution, not only scalable, but uncompromising on system performance or maintainability. 

The xavor approach

We designed a hybrid access control mechanism, leveraging a number of advanced Aras features: 

1. Derived Attributes for Dynamic Logic

We introduced Derived Attributes to act as decision drivers for access policies and dynamically evaluate: 
Whether a user belongs to a partner group associated with the item  
Whether the item is in a Released state  
Whether the user should have view or edit permissions  

3. Relationship-Based Partner Mapping
  • To manage partner associations efficiently:
    A custom relationship tab was introduced on key objects (Parts, Documents, Changes)
  • Partner groups were mapped through this relationship
  • These mappings were used to:
    • Fetch group identities
    • Feed into Derived Attributes
    • Drive MAC policy conditions


This approach provided flexibility, scalability, and easy maintenance

2. MAC (Mandatory Access Control) Policies 

We enforced conditional access rules using Aras Innovator’s MAC Policies:
Visibility restricted to Released items only  
Access granted only if:
  – User belongs to associated partner group
 – AND item meets defined lifecycle
conditions  

For modification control: 
Edit rights were dynamically granted based on field-driven group association  
Even privileged users were restricted unless explicitly allowed  

4. Controlled Visibility of Historical Revisions
Partners initially faced challenges in accessing previously released revisions. To resolve this:
  • We configured Saved Searches in Aras Innovator
  • These searches:
    • Filtered only Released revisions
    • Were shared exclusively with partner users
    • Covered Parts, Documents, and CAD Documents
This enabled partners to easily navigate and review historical data without exposing restricted content
Key outcomes

The implemented solution delivered: 

  • Granular, field-based access control 
  • State-driven visibility enforcement 
  • Strict edit restrictions based on dynamic conditions 
  • Secure collaboration with external partners 
  • Improved user experience through curated search views 
  • Scalable architecture aligned with future business needs 
Business Impact 

This solution empowered our client to: 

  • Collaborate securely with external partners  
  • Maintain full control over lifecycle-based visibility  
  • Protect sensitive product data
  • Enhance operational efficiency without compromising security
  • Ensure compliance with internal governance policies  
conclusion

By combining Derived Attributes, MAC Policies, and relationship-driven configurations, we successfully implemented a dynamic and secure access control framework that goes beyond traditional PLM capabilities. 

Future-Proof Your PLM Ecosystem

Accelerate digital transformation with modern PLM solutions tailored for complex manufacturing environments.

Talk to an Expert
Xavor Logo
Contact us

Have questions? Let us help you.




    Other Pages

    Blogs
    Partnerships
    Privacy Policy
    Information Security Policy

    Locations

    2211 Michelson Drive, Suite 900, Irvine, CA 92612.

    U.S.A

    49-CCA, Sector C DHA Phase 6, Lahore 54000.

    Pakistan

    South Yunnan Road No. 118
    Huangpu District,
    Shanghai 2000120.

    China
    LinkedIn
    Instagram
    Facebook
    YouTube
    Scroll to Top