Share the Project folder, Configure User and Set Permissions using Windows

Scenario
You have created a project folder using SMC on the Server. You want to share the project subfolders, set permissions on the individual subfolders, and provide appropriate access rights to them externally using Windows rather than SMC.

Recommendations

  • It is recommended to share the server project folder before creating a project on the Client/FEP, because you must specify the path of the shared project folder when creating the Client or FEP project.
  • If you share the project folder from Windows (instead of using the Project Shares expander) after creating a project on the Server, you must do the following to populate the shared project path in the Client/FEP project/web application linked to this Server project:
    • On the Server, reselect the Server project which was shared using Windows.
    • On the Client/FEP, select the project/web application linked to this Server project. For a web application, edit, realign, and save before browsing the web application URL. For a Client/FEP project, edit, browse the Server project, and save before launching the Desigo CC Client application on the Client/FEP.
  • Once shared, it is recommended to verify the project share folder consistency by clicking Check Project Share Consistency.

Permissions on the individual subfolders

The access rights on the individual subfolders of the project folder must be as follows:

  • Documents:
    Provide read access on all files and subfolders to the web server account and all Windows client accounts.
  • Devices, Graphics, Libraries and Profiles:
    Provide read/write access on all files and subfolders (including the right to delete them, but not the root folder itself) to the web server account and all Windows client accounts.
    • Graphics:
      Access can be restricted to read-only for Windows client accounts that only visualize graphics, but do not engineer them.
    • Libraries:
      Access can be restricted to read-only for Windows client accounts that run Desigo CC in Operation mode only.
    • Profiles:
      Provide read access to all Windows client accounts, read/write access to the web server account.
  • Shared:
    Provide read access to all files and subfolders to the web server account and all Windows client accounts.
  • All other folders:
    Provide read/write access to the system account only ([System Account] is configured in the SMC).
    Do not provide access to these folders to any other account.
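
The following PowerShell sketch is an added example, not part of the product documentation. It audits the NTFS ACLs of the project subfolders against two rules from the list above: no write-capable entry on Documents and Shared, and no account other than the system account on all other folders. The project path and the system account name are placeholders (assumptions).

```powershell
# Added example: audit NTFS ACLs of a project folder against the rules above.
# The path and account name are placeholders (assumptions); replace them.
$ProjectPath   = 'D:\Projects\Project1'      # placeholder project folder
$SystemAccount = 'SERVER01\svc-system'       # placeholder for [System Account]
$ReadOnly      = 'documents', 'shared'       # read access only
$ReadWrite     = 'devices', 'graphics', 'libraries', 'profiles'

# Rights that allow changing or deleting content, plus GENERIC_WRITE and GENERIC_ALL
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles' -bor 0x40000000 -bor 0x10000000

$findings = foreach ($dir in Get-ChildItem -LiteralPath $ProjectPath -Directory) {
    $name = $dir.Name.ToLowerInvariant()
    $aces = (Get-Acl -LiteralPath $dir.FullName).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' }
    foreach ($ace in $aces) {
        $id       = $ace.IdentityReference.Value
        $canWrite = ([int]$ace.FileSystemRights -band $WriteMask) -ne 0
        $issue = if ($name -in $ReadOnly) {
            # Documents and Shared: read access only
            if ($canWrite -and $id -ne $SystemAccount) { 'write access on a read-only folder' }
        } elseif ($name -notin $ReadWrite) {
            # All other folders: system account only
            if ($id -ne $SystemAccount) { 'account other than the system account' }
        }
        if ($issue) {
            [pscustomobject]@{
                Folder    = $dir.Name
                Identity  = $id
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
                Issue     = $issue
            }
        }
    }
}
$findings | Format-Table -AutoSize
```

The output is a review list: inherited entries for built-in accounts such as administrators also appear and need to be judged against the rules above.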

Confirm Security Permissions on Project Subfolders

Once the server has been installed, the installation program sets up the GMSMainProject folder, which contains all the software files needed to run the software. For the logged-on Windows users who are going to run Desigo CC on the Server or on a client on a remote computer, you should confirm the following security permissions on the project subfolders.

  • Confirm Read/Write security permissions granted on the GMSMainProject folder.
  • Explicitly grant Modify and Write access to the ...\GMSMainProject\bin folder on Windows Servers. You must do this to be able to save BACnet import files and for perpetual acknowledgment of the EULAs.
  • Confirm Read/Write security permissions granted in the project subfolder. These permissions allow the clients to communicate with the server.
  • Confirm permissions granted on the folders [installation drive:]\[installation folder] and [installation drive:]\[installation folder]\[project]\[subfolder] on server and clients.
    • On Windows client platforms, the permissions are granted through Authenticated Users.
    • On server systems, the permissions are granted through a dedicated "Desigo CC users" Windows user group that you must add yourself. Create a "Desigo CC users" Windows user group which mimics the privilege set for authenticated users. Assign all Desigo CC users as members in this user group.
  • On the folders [installation drive:]\[installation folder] and [installation drive:]\[installation folder]\[project]\[subfolder], Allow permission should be added for the following folder permissions:
    • Full Control
    • Modify
    • Read & Execute
    • List Folder Contents
    • Read
    • Write

NOTE:
The Windows user account (GMSDefaultUser) in the Windows users group is required to run a Windows service that runs the Desigo CC closed mode operation. The GMSDefaultUser account on each management station must have the proper access rights to the [installation drive:]\[installation folder]\[project]\[subfolder] folder on the server in order for the management station to run in closed mode.

Share Project Subfolder and Configure User

  • The individual sub folders (devices, documents, graphics, libraries, profiles, and shared) that you want to share are available in the project folder.
  • You have a list of users who are going to run Desigo CC on a client on the remote computer.
  1. On the Desigo CC server, in Windows Explorer, navigate to the [Installation Drive]:\[Installation Folder]\[Project Name]\[project shared subfolder name] folder.
  2. Right-click the project subfolder name and select Properties.
  • The [project subfolder name] Properties dialog box displays.
  3. Select the Sharing tab.
  4. In the Sharing tab, in the Advanced Sharing section, click Advanced Sharing.
  5. In the Advanced Sharing dialog box that displays, proceed as follows:
    a. Select the Share this folder check box.
    b. Update the Share name by prepending [Project Name]_ to the share name. For example, Project1_devices.
  6. To add the user in the Advanced Sharing dialog box, proceed as follows:
    a. Click Permissions.
    NOTE: You should add only those users to whom you want to share the folder and give permissions.
    b. Click Add.
    c. In the Select Users, Computers, Service Accounts, or Groups dialog box that displays, type the user name or object name that you want to find.
    d. Click Check Names.
    e. Click OK.
    f. In the Permissions for the [project subfolder name] dialog box, the user name displays in the list of users with the Permission Level set to Read by default. In addition to Read, grant the Change permission.
    g. Click Apply and then click OK.
  7. Repeat the substeps of step 6 to add any other users.
  • The Advanced Sharing dialog box displays.
  8. In the Advanced Sharing dialog, click Apply and then click OK.
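
A scripted equivalent of the Advanced Sharing steps above, as an added example that is not part of the product documentation. It uses the Windows SmbShare cmdlets; the project path, project name and user names are placeholders (assumptions).

```powershell
# Added example: create the [Project Name]_<subfolder> shares from PowerShell.
# Path, project name and accounts are placeholders (assumptions); replace them.
$ProjectPath = 'D:\Projects\Project1'
$ProjectName = 'Project1'
$Users       = 'CONTOSO\operator1', 'CONTOSO\engineer1'   # only users who need the share
$Subfolders  = 'devices', 'documents', 'graphics', 'libraries', 'profiles', 'shared'

foreach ($sub in $Subfolders) {
    $path  = Join-Path $ProjectPath $sub
    $share = "${ProjectName}_$sub"               # for example Project1_devices

    if (-not (Test-Path -LiteralPath $path -PathType Container)) {
        Write-Warning "Skipping missing folder $path"
        continue
    }

    if (-not (Get-SmbShare -Name $share -ErrorAction SilentlyContinue)) {
        # Passing the access list at creation avoids relying on the default
        # share ACL. The Change share permission includes Read.
        New-SmbShare -Name $share -Path $path -ChangeAccess $Users | Out-Null
    } else {
        # Share already exists: add the users to its share ACL.
        foreach ($u in $Users) {
            Grant-SmbShareAccess -Name $share -AccountName $u -AccessRight Change -Force | Out-Null
        }
    }

    # Show the resulting share ACL so unexpected entries can be reviewed.
    Get-SmbShareAccess -Name $share
}
```

Share permissions and NTFS permissions combine to the more restrictive of the two, so the folder ACLs described under "Permissions on the individual subfolders" still decide whether a user can write to a given subfolder.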