Nuances of BIM360 Security with Clarity
For those who are security-minded, there are some nuances to understand about the BIM360 Security Model, when used with Clarity or with any BIM360-enabled tool.
In the older BIM360 Teams-based approach, Clarity used what is called "three-legged OAuth" to connect to A360/BIM360. This meant that we requested access, and you supplied a user whose credentials would be used to access A360/BIM360. The Clarity server at your facility could see ONLY the hubs/projects that the designated user was able to see.
In the new BIM360, Autodesk added an additional step: an application-based permission for Clarity. BIM360 administrators must enable access for Clarity across their whole hub/account. Within this setup there are two options:
- Account Administration - allow Clarity access to read and write all user/project information (WE DO NOT NEED THIS)
- Document Management - allow Clarity access to read and write all file information (WE DO NEED THIS)
In order for Clarity to have ANY access to the data, Clarity must be granted the Document Management integration, which implies read and write access to all files in all projects in the hub/account.
Things that are important to understand:
- Clarity does NOT use this hub-wide access. Clarity continues to use only the designated user's credentials to access data, and can see only the projects, files and folders that the designated user can see. Clarity can update only the files that the designated user can update.
- From a security perspective, however, Clarity is operating with potentially more permissions than it needs (or wants).
- IMAGINiT is working with Autodesk to provide a clearer mechanism that allows only the access that we want (user-based).