Documente Academic
Documente Profesional
Documente Cultură
(Advanced)
TM-1301
TRAINING GUIDE
AVEVA Plant
(12.1)
www.aveva.com
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Revision Log
Date
Revision
22/07/2011
09/11/2011
0.1
0.2
10/11/2011
05/12/2011
29/02/2012
01/03/2012
06/03/2012
1.0
2.0
2.1
2.2
3.0
Description of Revision
Author
Reviewed
BT
BT
KB
BT
CF
KB
KB
KB
Approved
KB
-
NG
CF
SB
SB
NG
Updates
In general, all headings containing updated or new material will be highlighted.
Suggestion / Problems
If you have a suggestion about this manual or the system to which it refers, please report it to AVEVA
Training & Product Support (TPS) at tps@aveva.com
This manual provides documentation relating to products to which you may not have access or which may
not be licensed to you. For further information on which products are licensed to you please refer to your
licence conditions.
Visit our website at http://www.aveva.com
Disclaimer
1.1
AVEVA does not warrant that the use of the AVEVA software will be uninterrupted, error-free or free
from viruses.
1.2
AVEVA shall not be liable for: loss of profits; loss of business; depletion of goodwill and/or similar
losses; loss of anticipated savings; loss of goods; loss of contract; loss of use; loss or corruption of
data or information; any special, indirect, consequential or pure economic loss, costs, damages,
charges or expenses which may be suffered by the user, including any loss suffered by the user
resulting from the inaccuracy or invalidity of any data created by the AVEVA software, irrespective of
whether such losses are suffered directly or indirectly, or arise in contract, tort (including negligence)
or otherwise.
1.3
AVEVA's total liability in contract, tort (including negligence), or otherwise, arising in connection with
the performance of the AVEVA software shall be limited to 100% of the licence fees paid in the year
in which the user's claim is brought.
1.4
Clauses 1.1 to 1.3 shall apply to the fullest extent permissible at law.
1.5
In the event of any conflict between the above clauses and the analogous clauses in the software
licence under which the AVEVA software was purchased, the clauses in the software licence shall
take precedence.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Copyright
Copyright and all other intellectual property rights in this manual and the associated software, and every part
of it (including source code, object code, any data contained in it, the manual and any other documentation
supplied with it) belongs to, or is validly licensed by, AVEVA Solutions Limited or its subsidiaries.
All rights are reserved to AVEVA Solutions Limited and its subsidiaries. The information contained in this
document is commercially sensitive, and shall not be copied, reproduced, stored in a retrieval system, or
transmitted without the prior written permission of AVEVA Solutions Limited. Where such permission is
granted, it expressly requires that this copyright notice, and the above disclaimer, is prominently displayed at
the beginning of every copy that is made.
The manual and associated documentation may not be adapted, reproduced, or copied, in any material or
electronic form, without the prior written permission of AVEVA Solutions Limited. The user may not reverse
engineer, decompile, copy, or adapt the software. Neither the whole, nor part of the software described in
this publication may be incorporated into any third-party software, product, machine, or system without the
prior written permission of AVEVA Solutions Limited, save as permitted by law. Any such unauthorised
action is strictly prohibited, and may give rise to civil liabilities and criminal prosecution.
The AVEVA software described in this guide is to be installed and operated strictly in accordance with the
terms and conditions of the respective software licences, and in accordance with the relevant User
Documentation.
Unauthorised or unlicensed use of the software is strictly prohibited.
Copyright 1974 to current year. AVEVA Solutions Limited and its subsidiaries. All rights reserved. AVEVA
shall not be liable for any breach or infringement of a third party's intellectual property rights where such
breach results from a user's modification of the AVEVA software or associated documentation.
AVEVA Solutions Limited, High Cross, Madingley Road, Cambridge, CB3 0HB, United Kingdom.
Trademark
AVEVA and Tribon are registered trademarks of AVEVA Solutions Limited or its subsidiaries. Unauthorised
use of the AVEVA or Tribon trademarks is strictly forbidden.
AVEVA product/software names are trademarks or registered trademarks of AVEVA Solutions Limited or its
subsidiaries, registered in the UK, Europe and other countries (worldwide).
The copyright, trademark rights, or other intellectual property rights in any other product or software, its
name or logo belongs to its respective owner.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Contents
1
Introduction .............................................................................................................................................. 9
1.1
Aim..................................................................................................................................................... 9
1.2
Objectives ......................................................................................................................................... 9
1.3
Prerequisites .................................................................................................................................... 9
1.4
Course Structure .............................................................................................................................. 9
1.5
Using this guide ............................................................................................................................... 9
1.6
Setting up the Training Course .................................................................................................... 10
2
Extract Databases .................................................................................................................................. 11
2.1
Overview ......................................................................................................................................... 11
2.1.1
Creating Extract Databases ..................................................................................................... 11
2.1.2
Working in Extract Databases .................................................................................................. 11
2.1.3
Updating Changes from Extract Databases ............................................................................. 12
2.2
Types of Extract Databases .......................................................................................................... 12
2.2.1
Standard Extracts ..................................................................................................................... 12
2.2.2
Working Extracts ...................................................................................................................... 12
2.2.3
Variant Extracts ........................................................................................................................ 13
2.3
Write Access to an Extract Databases......................................................................................... 13
2.4
Extract Families.............................................................................................................................. 13
2.4.1
Querying Extract Families ........................................................................................................ 14
2.5
Choosing an Appropriate Database ............................................................................................. 14
2.6
Extract Data Control in Design ..................................................................................................... 15
2.6.1
The Get All Changes Button .................................................................................................... 15
2.6.2
The Update CE Button ............................................................................................................. 16
2.6.3
The Extract Claimlists Button ................................................................................................... 16
2.6.4
The User Claimlists button ....................................................................................................... 16
2.6.5
The Extract Button.................................................................................................................... 17
2.6.6
Extract Database Operations - Scope...................................................................................... 17
2.6.7
The Prefix Info Button .............................................................................................................. 17
2.6.8
Change Highlighting ................................................................................................................. 18
2.6.9
Rules and Connections ............................................................................................................ 18
2.6.10
The Flush Button ...................................................................................................................... 18
2.6.11
The Issue Button ...................................................................................................................... 19
2.6.12
The Drop Button ....................................................................................................................... 19
2.7
Creating Standard Extract Databases A Worked Example) ................................................... 20
2.7.1
Create Teams........................................................................................................................... 20
2.7.2
Create Users ............................................................................................................................ 20
2.7.3
Create a Master Database ....................................................................................................... 21
2.7.5
Create Standard Extracts ......................................................................................................... 22
2.7.6
Create MDBs ............................................................................................................................ 23
2.7.7
Testing Standard Extract Databases in Design ....................................................................... 24
2.7.8
Extract Change Highlighting ..................................................................................................... 27
2.7.9
Outstanding in Extract .............................................................................................................. 28
2.7.10
Introduced by Get All Changes ................................................................................................ 29
2.7.11
Displaying Items Introduced by Get All Changes ..................................................................... 30
Exercise 1 Extract Databases .................................................................................................................... 32
2.8
Creating Working Extracts A Worked Example ....................................................................... 33
Exercise 2 - Testing Working Extracts in Design ....................................................................................... 34
3
Data Access Control (DAC) .................................................................................................................. 35
3.1
Data Access Control Overview .................................................................................................. 35
3.2
ACRs - Roles and Scopes ............................................................................................................. 35
3.2.1
Permissible Operations (Perops) ............................................................................................. 36
3.3
Enabling DAC ................................................................................................................................. 36
3.4
Creating Scopes, Roles and Permissible Operations A Worked Example ........................... 36
3.4.1
Creating a Scope...................................................................................................................... 36
3.4.2
Creating Roles and Permissible Operations ............................................................................ 37
3.5
Creating Access Control Rights A Worked Example ............................................................... 38
3.5.1
Create an ACR for ALL ............................................................................................................ 39
3.6
Setting User Access A Worked Example .................................................................................
39
www.aveva.com
3.6.1
Using Access Control Assistant ............................................................................................... 40
5
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
3.6.2
Using Create/Modify User ........................................................................................................ 40
3.7
Testing PDMS Access Control ..................................................................................................... 41
3.8
Querying User Access in Design ................................................................................................. 42
3.9
DAC Negative Implementation.................................................................................................... 43
3.10 Setting DAC for use with MDS ...................................................................................................... 44
4
Project Setup Using Excel .................................................................................................................... 45
4.1
Export to Excel ............................................................................................................................... 45
4.2
Admin Excel Spreadsheet ............................................................................................................. 46
4.2.1
Admin Excel Spreadsheet Extract Databases ...................................................................... 46
4.2.2
Admin Excel Spreadsheet Working Extract Databases ........................................................ 47
4.2.3
Admin Excel Spreadsheet Scope.......................................................................................... 47
4.2.4
Admin Excel Spreadsheet Roles and Perops ....................................................................... 48
4.2.5
Admin Excel Spreadsheet ACR ............................................................................................ 49
4.3
Import from Excel........................................................................................................................... 49
4.3.1
Selecting an MDB for User Defined Data ................................................................................ 50
4.4
Admin Database Rollback ............................................................................................................. 51
Exercise 3 Project Setup Excel Export / Import ...................................................................................... 52
5
PML Encryption ...................................................................................................................................... 53
5.1
Overview of PML Encryption ........................................................................................................ 53
5.2
PML Encryption Utility Program ................................................................................................... 53
5.2.1
Typical workflow ....................................................................................................................... 53
5.2.2
Licensing .................................................................................................................................. 53
5.3
Using the PML Encryption Utility Program ................................................................................. 54
5.4
Choosing Files ............................................................................................................................... 55
5.4.1
Single File ................................................................................................................................. 55
5.4.2
All Files in a Folder ................................................................................................................... 55
5.4.3
Files in a pmllib -like Folder Tree ............................................................................................. 55
5.4.4
File/Folder paths....................................................................................................................... 55
5.5
Encryption Algorithms .................................................................................................................. 55
5.5.1
Encryption Type 0: No Encryption ............................................................................................ 55
5.5.2
Encryption Type 1: Trivial Encryption....................................................................................... 56
5.5.3
Encryption Type 2: Basic Encryption ....................................................................................... 56
5.5.4
Encryption Type 3: RC4 Encryption ......................................................................................... 56
5.6
Encrypting PML Files A Worked Example ................................................................................ 56
5.6.1
Supplied Files ........................................................................................................................... 56
5.6.2
Directory Structure ................................................................................................................... 57
5.6.3
Testing using a Batch File ........................................................................................................ 58
5.6.4
Testing the None Option .......................................................................................................... 58
5.6.5
Testing the Trivial Option ......................................................................................................... 59
5.6.6
Encrypting Multiple Files .......................................................................................................... 59
5.6.7
Testing Encrypted Macros ....................................................................................................... 60
5.7
Buffering Encrypted Files ............................................................................................................. 62
5.8
Editing Published PML Files ......................................................................................................... 63
5.9
Using the $R Command ................................................................................................................ 63
5.10 Troubleshooting ............................................................................................................................. 63
6
Intellectual Property Rights Database Protection .............................................................................. 65
6.1
IPR Protection Overview ............................................................................................................... 65
6.2
Changes to Admin for Database Protection ............................................................................... 65
6.3
Changing Database Protection A Worked Example ................................................................ 67
6.3.1
Testing Database IPR Protection for the Output Command .................................................... 67
6.3.2
Testing Database IPR Protection for the Copy Command ...................................................... 68
6.4
Attribute Protection ....................................................................................................................... 69
6.5
Checking Attribute Protection A Worked Example ................................................................. 69
6.5.1
Creating an MDB in the MAS Project ....................................................................................... 69
6.5.2
Attributes as a Free User ......................................................................................................... 70
6.5.3
Attributes as a Restricted User ................................................................................................ 70
6.5.4
Comparing Results ................................................................................................................... 71
7
Enhanced Entry Scripts ........................................................................................................................ 73
7.1
Creating an Encrypted Entry Script ............................................................................................. 73
7.2
Typical Entry Macro ....................................................................................................................... 75
www.aveva.com
7.3
Typical Entry Batch File ................................................................................................................
75
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
7.4
Enhanced Entry Scripts (PML Publisher Available) ................................................................... 76
7.4.1
Typical User Macro .................................................................................................................. 76
7.4.2
Creating the Encrypted Entry Script ......................................................................................... 76
7.4.3
Typical Entry Batch File (PML Publisher Available) ................................................................. 77
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
CHAPTER 1
Introduction
The AVEVA Plant (12.1) System Administration (Advanced) training guide is designed as a continuation to
the AVEVA Plant (12.1) System Administration (Basic) training guide. It builds on existing PDMS
administration concepts and introduces additional functionality to assist administrators.
1.1
Aim
To provide administrators with the knowledge and skills necessary to administer PDMS projects using
advanced features and functionality.
1.2
Objectives
Introduce PDMS concepts specific to Extract Databases, Data Access Control, Encryption of files, and
Intellectual Property Rights Database Protection.
Explain the basic concepts of Extract Databases.
Show how to create Standard and Working Extract Databases.
Create and edit data in an Extract Database.
Explain how Data Access Control can be used to control PDMS data.
Demonstrate how to create simple Data Access Control rules.
Be able to encrypt PML forms, functions object and macros.
Explain the basic concepts of Intellectual Property Rights Database Protection.
Demonstrate the protection of a catalogue database.
1.3
Prerequisites
It is expected that trainees will have completed the TM-1300 AVEVA Plant (12.1) System Administration
(Basic) training course. Trainees who can demonstrate a suitable understanding of PDMS administration
may also be permitted to undertake the training.
1.4
Course Structure
Training will consist of oral and visual presentations, demonstrations, worked examples and set exercises.
Each workstation will have a training project populated with model objects. This will be used by the trainees
to practice their methods and complete the set exercises.
1.5
Certain text styles are used to indicate special situations throughout this document.
Menu pull downs and button press actions are indicated by bold dark turquoise text.
Information the user has to Key-in will be bold red text.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Additional information notes and references to other documentation will be indicated in the styles below.
Additional information
Refer to other documentation
System prompts will be bold and italic in inverted commas i.e. 'Choose function'.
Example files or inputs will be in the courier new font. If users are required to enter information as part of
an example, appropriate fonts and styles previously outlined will be used.
1.6
Create a new project using the Project Creation Wizard. From the start bar select:
Start > All Programs > AVEVA Plant > Design > PDMS 12.1.SP2 > Project Creation Wizard.
Enter the following details for the project.
Project Training
Code
TRA
Address:
C:\AVEVA\plant\PDMS12.1.SP2\project\Training
Click the Create button.
Login to the Administration module of the new PDMS project using the details provided by the trainer. They
will typically be similar to this:
Project
Training
Username
SYSTEM
Password
XXXXXX
It is not necessary to specify an MDB to enter Admin. Free Users, like SYSTEM, are NOT shown on the
Username pull down.
In Admin select Utilities > Training Setup from the main menu to display the Training Admin form.
Select the Training Setup tab. From the Number of
Designers option list select 1, then click the Create Project
button.
A Progress Bar is displayed in the lower right hand corner of
the screen. Additional feedback is provided in the Command
Window.
This process sets the project to a known state, ready for the
training course. The process may take several minutes, but
when complete the user will be returned to the default Admin
screen and the Training Setup form will close.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
10
CHAPTER 2
Extract Databases
PDMS allows a sub-set of databases to be copied from master databases. These sub-sets are referred to
as Extract databases. Extract databases may be as simple as a single database allocated to one user, or
they may be more complex, catering for multiple designers over a range of disciplines.
Extract databases allow data from a master database to be shared and modified without effecting the master
databases. New data can also be created in the extract databases. Any changes made in the extract
databases can be returned to the master databases as and when the administrator requires it.
2.1
Overview
Extract databases provided a useful way of controlling data workflow within a discipline and controlling cross
discipline modifications. They are also useful for workflows that require persistent claims or workflow in
multiple locations (i.e. Global projects).
2.1.1
An extract can only be created from an existing multiwrite database (i.e. DESI, PADD, CATA and ISOD).
As such, extract databases themselves are multiwrite.
Extracts cannot be created from foreign databases and cannot be created from copy databases.
Many Extracts can be created from one Master database. It is also possible to create an extract of an
extract, thereby creating an Extract Family.
2.1.2
When an extract is created, it will be empty, with pointers back to the owning or master database. When
elements are worked on in the extract database,they are claimed in the extract in a similar way to simple
Multiwrite databases, so no other user can work on them. Claims are persistent from session to session.
When work is saved, the changed data will be saved to the extract, not the master database.
unchanged data will still be read via pointers back to the master database.
Any
Extract databases can be worked on by a user at the same time as another user is working on the master
database or another extract. Any changes made in the master database can be updated in the extract
database.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
11
2.1.3
At some stage in the design process it will be necessary to return information from the extract database to
the master database. Two methods are available to facilitate this process:
Flush copies changes to the master database, but claims on elements still persist. This allows
other users to see the changes made but ensures that no changes can be made to the elements.
Issue copies changes to the master database and removes all claims from the elements. Other
users can see the changes made and make further modifications if required.
Alternatively, if the data is no longer required it may be Dropped. If data is dropped, no changes will be
transferred to the master database but claims on model elements will remain.
2.2
Three different types of extract databases can be created. Features pertaining to each type of extract
database are noted in the sections that follow.
2.2.1
Standard Extracts
Standard extracts are similar to normal multiwrite databases. They can be owned by any team, given any
name, and added to MDBs in the usual way.
The claim mode may be implicit or explicit. If an element is being worked on by any other user in the Extract
Family, no other user can work on it.
2.2.2
Working Extracts
Working Extracts are created uniquely for an individual user, i.e. one per user. Working Extracts only
require the use of a single MDB.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
12
2.2.3
Variant Extracts
Both Standard and Working extracts can be variant extracts. Variants are a special type of extracts in which
elements are not claimed from the owner. They are designed to allow users to try out different designs
which then may, or may not, be written back to the master database.
When variants are used, all changes are merged together on issue. Changes are handled at attribute level,
so that different users can change different attributes on the same element and then merge their changes.
No locking is applied to a variant extract, and any locks applied to other extracts are ignored. This allows
many users to modify the same element in a given session, but has the disadvantage that any conflicts will
not be found until the changes are issued. If two users modify the same attribute, the last change to be
merged takes precedence.
PDMS will ensure that all merges comply with the basic database rules, that is, the data will comply with all
DICE checking requirements. It cannot check that the data makes sense in design terms. It is
recommended that data consistency and clash checks are always carried out on the resulting merged data.
2.3
Write access to an extract database is controlled in the same way as any other database. The user must be
a member of the Team owning the extract and the user must select an MDB containing the extract. Data
Access Control can also be applied to limit operations available to users.
Extracts in the same family can be owned by the same team or by different teams.
2.4
At this release, an extract can only be created at the bottom of an extract tree.It is not possible to insert
a new extract between existing generations, or create a new master for the extract family.
Extract Families
A Master database may have up to 8000 extract databases. Extracts can be created from another extract,
forming a hierarchy of extracts (to a maximum of 10 levels). All the extracts derived from the same master
are described as an Extract Family.
The original database is known as the Master database. The Master database is the owner or parent of the
first level of extracts. If a more complex hierarchy of extracts is created, the lower level extracts will have
parent extracts which are not the master. The extracts immediately below an extract are known as extract
members.
The following diagram illustrates an example of an extract family hierarchy:
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
13
In this example:
PIPES
PIPES_X1
PIPES_X10
is a child of PIPES_X1.
2.4.1
The following attributes can be queried to obtain information about the structure of an extract family:
Database attributes
EXTNO
Extract Number
EXTFAM
Extract Family
EXTOWN
Extract Owner
ISEXOP
EXTMAS
Extract Master
ISEXMP
EXTALS
Extract Ancestors
ISEXAP
EXTCLS
Extract Children
LVAR
Variant
EXTDES
Extract Descendants
LCTROL
Controlled
2.5
It is often advantageous for administrators to use both master databases and extract databases in a project.
Suggested use of extract and master database types is provided below:
Use Extract Databases for:
Controlling data workflow within a discipline.
Controlling cross discipline modifications (e.g. supports).
Persistent claims.
Integrated working environment with other offices (Global 2).
Use Master databases for:
Enabling cross discipline review/approval of data.
Catalogue, Library and Template data.
Splitting data into smaller units to avoid mass data processing through large collections, clashing and
spatial map updates.
Controlling the visibility of data in working areas.
Controlling the distribution of sub-contractors data.
Separating common data for export across projects.
Reducing the consequences of possible data corruption.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
14
2.6
The following sections detail the functionality contained within the form.
2.6.1
The Get All Changes button updates an extract with changes made in the owning database. Get all
changes can be to a first-level extract from a master database, or to a low-level extract from a higher-level
extract (one level at a time). This is similar to doing a Get Work on a normal database.
The From parent extract only and From all extract ancestors radio buttons determine where the
changes are taken from.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
15
2.6.2
2.6.3
2.6.4
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
16
2.6.5
Clicking the Extract button transfers the write access of a given primary element to an extract.
A claim can be to a first-level extract from a master database, or to a low-level extract from a higher-level
extract.
If the extract database has been set-up in Implicit claim mode then modifying the element will claim it
automatically.
2.6.6
The Element Hierarchy and Single Element radio buttons in the Extract DB Operations Scope area of
the form enable either the hierarchy below the identified element, or only the identified element, to be
extracted.
Items can be claimed using Utilities > Claim Lists from the main menu.
2.6.7
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
17
2.6.8
Change Highlighting
It is possible to highlight elements in an extract database that will be Issued, Flushed or Dropped or added
to the database (following the Get All Changes command) using the Extract Data Control form.
Items that are outstanding in the extract or that have arisen by getting changes from the master database
can be displayed this way.
2.6.9
After a Flush the Item is still claimed. This is an example of a persistent claim.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
18
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
19
2.7
This worked example creates a number of users, teams and MDBs that will be used to create a number of
extract databases. The effect of flushing and issuing information will also be demonstrated.
2.7.1
Create Teams
For this example three new Teams will be created. Using the Admin Elements form create the following
Teams:
MASTERA
EXTEAMB
EXTEAMC
2.7.2
Create Users
Three new Users are also required. Create the following Users and Passwords:
USER
Password
APPRUSERA
EXUSERB
EXUSERC
Team
APPRUSERA
MASTERA
EXUSERB
EXTEAMB
EXUSERC
EXTEAMC
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
20
2.7.3
Design
Click the Apply button and dismiss the form. Check that the new database MASTERA/DESI is displayed in
the Database and Extracts list.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
21
2.7.5
T
wo extracts of the database will be created and assigned to separate teams. On the Admin Elements form
ensure Databases & Extracts is selected in the Elements option list.
create
on
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
22
2.7.6
Create MDBs
Copy MDB A-PIPING to create an MDB called MASA with a description of Master Extract MDB.
Put the MASTERA/DESI database at the top of the Current Databases list.
Create two further copies of MDB A-PIPING named EXTB, description Extract B, and EXTC, description
Extract C, respectively.
Put the database EXTEAMB/DESI_X1 at the top of MDB EXTB and the database EXTEAMC/DESI_X2 at
the top of MDB EXTC.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
23
2.7.7
Enter PDMS Design with Username APPRUSERA, Password A and MDB MASA. Make the main display
window small in height and put it at the top of the screen.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
24
Savework.
In the APPRUSERA session (top of the screen) select Design > Get Work from the main menu. Note that
the new equipment, EQ3, is not displayed in the session. This is because the equipment has not been
Flushed or Issued to the master database.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
25
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
26
In order for another designer to modify the equipment EQ3 it must be Issued to release the Claim.
2.7.8
It is possible to highlight elements in an extract database that will be Issued, Flushed or Dropped or added
to the database (following Get All Changes) using the Extract Data Control form.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
27
2.7.9
Outstanding in Extract
Select Design > Extract Control... from the main menu to display the Extract Data Control form.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
28
The effect of issuing various elements in combination with changing the scope can be seen in the example
below. In this instance the Site TRA.SITE has been Issued with the scope set to Single Element. The
Zone EQUIP.ZONE has also been Issued with the scope set to Element Hierarchy.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
29
Save Work.
On the Extract Data Control form click the Get All Changes button.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
30
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
31
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
32
2.8
Working extracts are allocated to users. In the following worked example working extracts for three users,
USERA, USERB and USERC will be created to database MASTERA/DESI.
Users
to
the
Team
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
33
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
34
CHAPTER 3
3
Being a member of the team that owns the database controls write access in PDMS. However, due to
project security requirements or company working practises, it may be necessary to further restrict data
access. By using Data Access Control (DAC) PDMS Administrators can restrict access to PDMS types,
names, or particular areas, of the PDMS model.
3.1
Data Access Control in regular PDMS projects is governed by team membership. Users must be a member
of the Team owning the database in order to write to it.
Normal PDMS data access control will apply to the Project unless the Data Access Control (DAC) option in
the Administration module is switched on. Before implementing DAC, administrators need to be aware of the
following considerations:
Once DAC is switched on, General Users will not have write access to any elements unless suitable
Access Control Rights have been set up.
Users are completely restricted from doing any operation and subsequent permissions allow certain
tasks to be carried out.
Users are free to do any operation and subsequent permissions restrict certain tasks from being
carried out.
At the heart of DAC is the creation of Access Control Rights (ACRs) for each user. ACRs allow the
Administrator to:
Restrict access to named elements, given element types, or particular volumes of the model.
3.2
Users can be given one or more ACRs. Each ACR is made up of two parts, a Role and a Scope.
A Role defines what operations the designer can carry out on which elements e.g. Create, Modify
and Delete all types of PDMS elements.
A Scope defines the part of the Design to which the Role applies e.g. a particular Site in DESIGN or
Registry in DRAFT, or a specified volume within the model.
Roles and Scopes are referenced by ACRs and must therefore be created before the ACR has its RoleRef
and ScopeRef attributes set.
Roles are likely to be used on all Projects, but Scopes are usually Project specific.
www.aveva.com
35
3.2.1
A Role is a set of Permissible Operations (Perops), which define the operations that can be performed on a
given element type.
3.3
Enabling DAC
DAC can be enabled by selecting Project > Data
Access Control from the main menu in the
Administration module. A confirmation message is
displayed.
3.4
The following worked example will create a Scope for ALL areas of the work, a Role for ALL, a Role for a
Piping Designer and Permissible Operations for the Piping Designer.
3.4.1
Creating a Scope
Scopes define the area of the plant where the PDMS Designer can work. The following scope gives access
to all areas of the plant.
Select the Scopes tab in the upper pane of the form. Right click on
Scopes and select New scope from the pop-up menu to display a
new scope row.
Double click in the Scope name field to edit the information
contained within it. Enter ALLSCOPE in the Scope name textbox.
In a similar manner enter All Scope in the Scope description text
box.
Enter ALL in the Scope selection text box.
The Scope selection could be made more specific by entering the name of a SITE or ZONE, etc.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
36
The syntax used to define Scopes is similar to the syntax used in PML. Key words, such as ALL, can be
used in a DAC context. An example of the type of syntax used to define a Scope would be: ALL WITH
NAME OF SITE EQ <FULL PDMS NAME OF SITE>.
3.4.2
A Role defines the type of objects that can be created. Roles can be created in two ways; by adding access
or by removing access. The removal of access may occur in situations where a designer is initially given full
access rights which are then restricted.
Open the Operations options list. Each entry, i.e. Create, Modify, Delete, etc, has three settings, Ignore,
Disallow and Allow. Clicking each entry will cycle through these choices. Set all of the entries to Allow.
Set the Attributes field to ALL and the Error message field to Can Create All.
37
Enter PIPING-DESIGNER in the Role name textbox and Piping Designer in the Role description textbox.
Right click on PIPE-DESIGNER entry of the Role name and select New perop from the pop-up menu to
display the new perop row.
Enter PIPE-DESIGNER-PIPE in the Perop name textbox followed by PIPE in the Element types textbox.
Enter (Purp of Zone eq 'PIPE' and Function neq ISSUED) in the Qualifying condition textbox.
Set all the Operations entries to Allow and enter ALL in the Attributes textbox.
Enter You can only create pipes in a Piping Zone that has not been Issued in the Error message
textbox.
Create a new perop row to allow the Pipe Designer the ability to orientate position and connect to nozzles.
Enter PIPE-DESIGNER-NOZZ in the Perop name textbox followed by NOZZ in the Element type textbox.
Leave the Qualifying condition as unset.
In the Operations options list set Create, Output, Export and Copy to Disallow, Delete to Disallow and
Modify, Claim, Issue and Drop to Allow.
Enter ORI CREF and POS in the Attributes textbox and enter You can only position, rotate and connect
to Nozzles in the Error message textbox.
Create another Perop for the Pipe Designer that will allow Branches to be created if the Pipe has not been
issued.
Enter PIPE-DESIGNER-BRAN in the Perop name textbox followed by BRANCH HIERAR in the Element
types textbox.
Enter Function of Pipe neq ISSUED in the Qualifying condition textbox.
Set all the Operations entries to Allow then enter ALL in the Attributes textbox.
Enter You cannot create a Branch or Branch Components if the Pipe has been Issued in the Error
message textbox.
The following Perops are now available.
Follow a similar process to create Roles and Perops for the Design Supervisor and the Equipment Designer.
For the Role of the Equipment Designer, allow the creation of the equipment hierarchy only where the
Purpose of the Zone is EQUIP.
3.5
There is no need to create separate SCOPES for the Supervisor, Piping Designer and Equipment
Designer. Use the SCOPE /ALLSCOPE for all three users.
Access Control Rights (ACRs) are used to link Roles and Scopes. To recap, a Role is what a User can
do and a Scope is where the user can do it.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
38
This worked example creates ACRs for ALL items (e.g. a supervisor), for Pipe Designers and Equipment
Designers.
3.5.1
3.6
Remember, once DAC has been set on then the default access to PDMS is no access, and ACRs must be
set for each User. In this worked example three users will be created and access rights set for each.
A.PIPER will be a Piping Designer and will be given Pipe Designer access.
A.EQUIP will be the Equipment Designer and will be given Equipment Designer access.
ACR can be set in two ways, using drag and drop on the Access Control Assistant or by using the Create
User or Modify User on the Admin Elements Form.
www.aveva.com
39
3.6.1
3.6.2
Select Users in the Element options list of the Admin Elements form.
Select <USER> A.SUPERVISOR and click the Modify button to display the Modify User:
A.SUPERVISOR form.
Make sure the Users are members of the correct team to write to the database.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
40
3.7
In the previous sections, a number of users have been created and ACRs have also been created for each
user. To re-cap:
A.SUPERVISOR
A.PIPER
can only create pipes in a Zone with a Purp of PIPE and where the pipe has not
been ISSUED.
A.EQUIP
The effect of DAC can be seen by testing the ACRs in design. Ensure that DAC is turned on for the Project
then enter a Design session and test the following scenarios:
A.SUPERVISOR
A.PIPER
A.EQUIP
Test that Equipment can only be created in a Zone with a Purp of EQUI.
Enter Design as user A.PIPER and navigate to a Nozzle. Select Modify > Attributes from the main menu.
Note that only Position, Orientation and Cref attributes
can be modified. All other attributes are greyed out.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
41
3.8
User access in Design may be queried by selecting Query > Project from the main menu. The Query
Project form will be displayed.
The Users tab displays a list of users. Selecting a User from the list displays details about the user including
Team membership.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
42
3.9
Previous examples of DAC have focused on a method of implementation whereby Designers are generally
denied access then granted only specific access to achieve certain tasks.
An alternative implementation is where the designer is first given full access and is then restricted from
undertaking certain tasks. This is sometimes refered to as Negative DACs.
The advantage of using this method is that PDMS can display more meaningful messages.
disadvantage is that there are more Perops for each Designer.
The
Earlier in this training guide the Role ALL-DESIGNER was created. This role will now be modified to prevent
the designer creating equipment. In Admin modify the Role ALL-DESIGNER using the Access Control
Assistant and create a new Perop.
NOT-EQUIPMENT
Element types
EQUIP HIERARCHY
Qualifying Condition
unset
Operations
Attributes
ALL
Error Message
www.aveva.com
43
Enter PDMS as A.SUPERVISOR and check that all items except the Equipment Hierarchy can be created.
Condition
BRAN HEIR
REST HEIR
SNOD HEIR
STRU HEIR
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
44
CHAPTER 4
4
Project Setup Excel Import and Export is designed to make the process of setting-up an AVEVA Plant
project easier by allowing Administration data to be imported via spreadsheets.
It is important that the Excel Spreadsheets used for both the Import and Export functions are in the correct
format. The required format is the same for both functions, therefore the correct format can easily be
obtained by exporting data from the Administration module and examining the results.
4.1
Export to Excel
The Export to Excel utility can be accessed by selecting
Utilities > Export from the main menu of the Administration
module.
The Admin Export form will be displayed. From this form
the User can enter a file path for the export file.
Alternatively the
suitable file location.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
45
4.2
4.2.1
The required format for Extract Databases is shown below. Data in some columns can be altered without
restriction (e.g. Description), while other columns reflect a value within an appropriate context (e.g. Claim
Mode can only be Implicit or Explicit). Guidance on the values required in each column are provided below.
#Keyword
EXTRACT.
Owning Team
Name
Description
Description of Database.
Parent
Parent Database.
Claim Mode
IMPLICIT or EXPLICIT.
Variant
Yes or No.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
46
4.2.2
The required format for Working Extract Databases is shown below. Data in some columns can be altered
without restriction (e.g. Description), while other columns reflect a value within an appropriate context (e.g.
Claim Mode can only be Implicit or Explicit). Guidance on the values required in each column are provided
below.
#Keyword
WORKEXTRACT.
Owning User
Description
Description of Database.
Parent
Parent Database.
Claim Mode
IMPLICIT or EXPLICIT.
Variant
Yes or No.
4.2.3
On export, Data Access Control requirements are separated into their component parts, ACR,s, ACR
Groups, Scopes, Roles and Perops. The required format for Scopes is shown below. As with the other
spreadsheets considered, data in some columns can be altered without restriction (e.g. Description), while
other columns reflect a value within an appropriate context (e.g. Selection could utilise the keyword ALL).
Guidance on the values required in each column are provided below.
#Keyword
SCOPE.
Name
Name of Scope.
Description
Description of Scope.
Selection
ALL (keyword). Alternatively, Sites or Zones specific to the project could be used.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
47
4.2.4
Roles are specified followed by the associated Permissible Operation (PEROP). Roles require only three
fields. Guidance on the values required to define the Role are given below.
#Keyword
ROLE.
Name
Description
Description of ROLE.
Permissable Operations require considerably more fields to account for all Create, Modify and Delete
operations and any associated error messages. Guidance on suitable values is provided below.
#Keyword
PEROP.
Owner
Owning Role.
Name
Name of Perop.
www.aveva.com
48
Qualifying condition
Qualifying Rule. Often this will utilise a Purpose or Function of a model element.
OpCreate
OpModify
OpDelete
OpClaim
OpIssue
OpDrop
OpOutput
OpExport
OpCopy
Attributes
Error message
4.2.5
The required format for an ACR is shown below. As with the other spreadsheets considered, data in some
columns can be altered without restriction (e.g. Description), while other columns reflect a value within an
appropriate context (e.g. Scope will reference a valid Scope in the project). Guidance on the values required
in each column are provided below.
#Keyword
ACR.
Name
Name of ACR.
Description
Description of ACR.
Scope
Role
Name of Role.
4.3
4.3.1
Once the import operation has finished, the System Administrator is prompted to supply an MDB if one has
not previously been set.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
50
4.4
The Admin Database can be rolled back following an Excel import in the event that errors were encountered.
by
selecting
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
51
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
52
CHAPTER 5
5
PML Encryption
This chapter describes how to create and use PDMS PML Encryption or Published PML. Various levels of
encryption can be applied to any PML functions, forms, objects, and macros.
5.1
PML is the AVEVA Programmable Macro Language. The details of the language may be found in the PDMS
Software Customisation Guide and the PDMS Software Customisation Reference Manual, supplied with the
product.
PML functions, objects, forms and macros may be encrypted using the tools described in this chapter. Once
encrypted they may be used within PDMS but cannot easily be read.
Please note that the encryption used is of limited strength, and is not secure against all possible attacks.
Details of the encryptions used are described later.
Once a PML file has been encrypted, it is no longer possible to read or edit the file. The Published PML
toolkit does not include a tool for un-encrypting files. It is good practise to ensure that a safe copy of the
original file is retained, in case further modifications are required later.
5.2
The encryption utility program is a command window program designed to be included in the PML software
development process.
5.2.1
Typical workflow
When undertaking PML encryption tasks the following workflow should be adhered to:
Check the encryption is successful and the files work in the expected manner.
Not all files within a PML folder hierarchy are always PML. Images, for example, should not be
encrypted, but may need to be supplied with the encrypted versions of the PML.
Automating the encryption procedure via batch files, perl script, or a PML script will make it easier to
create the encrypted PML files when the source PML is updated.
5.2.2
Licensing
The pmlencrypt.exe utility program requires a PML Publisher licence in the license file (the feature name is
VPD-PMLPUBLISHER). If this is not present in the license then the program will not run.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
53
5.3
The form of the PML Encryption Utility Program can be seen by running pmlencrypt.exe without arguments
(or with an invalid set of arguments). An output similar to that below is produced.
uses 40-bit RC4 encryption from the Microsoft Base Cryptographic Provider (default).
-basic
-trivial
-none
-buffer N
causes the file to be retained in memory until a module switch once it has been read N times
(the default is never).
-folder
-pmllib
is used to encrypt ALL .pmlobj .pmlfnc .pmlfrm and .pmlmac files from the folders in a
PMLLIB-type folder structure beneath from_path to to_path.
from_path
to_path
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
54
5.4
Choosing Files
PML files are not required to have particular file extensions. PML2 functions, objects, forms and macros are
normally stored in files with the extensions .pmlfnc, .pmlobj, .pmlfrm and .pmlmac respectively. However,
other PML files such as those in the pdmsui folder of a PDMS installation do not have a file extension.
As any PML file (with or without a file extension) may be read with a $m command, care must be taken when
choosing files to encrypt. Other files, such as icon images and configuration files cannot be used by PDMS
when encrypted.
5.4.1
Single File
If neither of the folder or pmllib options are used the from_path and to_path arguments are taken to be
single file-names or paths (which should not include embedded spaces). The to_path file is created or
overwritten, as appropriate.
This option may be used whenever there is a single file to encrypt, and can also be useful within a script,
where the file selection is handled by the script itself. No assumptions are made about file extensions.
5.4.2
If the folder option is used the from_path and to_path arguments are taken to be names or paths of
folders (which should not include embedded spaces). All files in the from_path folder are encrypted into the
to_path folder. The to_path folder is created, if required, and the files inside it are overwritten.
No file extension is required, so care must be taken not to encrypt non-PML files.
5.4.3
If the pmllib option is used the from_path and to_path arguments are taken to be names or paths of
folders (which should not include embedded spaces). All folders beneath the from_path folder are scanned,
and files with extensions .pmlfnc, .pmlobj, .pmlfrm or .pmlmac are encrypted to a matching structure
constructed or overwritten beneath the to_path folder.
As this option is file-extension sensitive, it will not encrypt, or copy, image or other unrelated files in the
hierarchy.
5.4.4
File/Folder paths
Care must be taken when the from_path and to_path arguments are given. The from path must precede
the to_path, otherwise the wrong file may be overwritten.
The from_path and to_path arguments cannot be identical. This is to reduce the risk of accidental
overwriting of the source-files. Embedded spaces are not supported in the paths.
5.5
Encryption Algorithms
There are four encryption options that use different encryption algorithms. The following sections describe
the four options.
5.5.1
Encryption Type 0 (No Encryption) adds a standard Published PML header to the file, i.e. --<000>-Published PML 12.0 >--, but does not otherwise encrypt the file.
It can be selected by choosing the none option in the encryption call.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
55
5.5.2
Encryption Type 1 (Trivial Encryption) is designed for testing purposes only. It provides no security, as the
lines can be read backwards. It is used to establish that the encryption system is functioning correctly and
that an incompatible version of PDMS has not been installed.
It can be selected by choosing the trivial option in the encryption call.
5.5.3
Encryption Type 2 (Basic Encryption) is an alternative simple encryption algorithm which is implemented
directly and does not rely on external libraries.
It can be selected by choosing the basic option in the encryption call.
5.5.4
Although this is the most robust encryption algorithm provided, it is still of limited strength and is not
secure against all possible attacks.
5.6
In this worked example supplied PML files will be encrypted using various options.
5.6.1
Supplied Files
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
56
C:\testencrypt\pmllib_original\macros\NZONE
/ENCRYPT-SITE
handle(2,109)
$p Site /ENCRYPT-SITE does not exist
return
endhandle
new zone /ENCRYPT-ZONE
handle(41,12)
$p site /ENCRYPT-ZONE exits
DELETE ZONE
return
endhandle
5.6.2
Directory Structure
The PML files should be stored in the correct PML directory structure.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
57
5.6.3
It is recommended that a batch file be created to encrypt the PML files. In this example a simple batch file
will be written to test each option.
In a suitable text editor open the batch file, encrypt.bat, in the folder C:\testencrypt most of the lines are
commented out using rem with the exception of the second to last line which would display help.
Keep the file open for editing. Ensure all of the sub-folders in the C:\testencrypt\pmllib-encrypt folder are
empty.
5.6.4
The first test uses the none option on the area.pmlfnc file to see if the encryption process is working. The
encrypt batch file needs to be edited (remove rem) to allow this line of the file to be run. The batch file
should look like this:
Run the batch file by locating encrypt.bat with Windows Explorer then double clicking on it. A cmd window
will be displayed. To check the result, navigate to the C:\testencrypt\pmllib-encrypt\functions folder and
edit the area.pmlfnc. The function should look like this:
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
58
5.6.5
Edit encrypt.bat and enter rem at the start of the line containing the none option. Remove the rem from the
start of the line containing the trivial option. The batch file should look like this:
Save the file and double click on it to run the encryption. The file, hello.pmlfrm, has been encrypted using
the trivial option.
Navigate to the C:\testencrypt\pmllib-encrypt\forms folder and edit the hello.pmlfrm. The function should
look like this:
Note that the file is readable backwards, i.e. mrof putes is setup form.
5.6.6
All files with valid pml extensions can be encrypted in one command using the pmllib option.
Edit the encrypt .bat file by entering rem at the start of the line containing the trivial option. Remove the rem
from the start of the line containing the rc4 pmllib option. The batch file should look like this:
Save the file and double click on it to run the encryption. Navigate to each of the sub-folders of
pmllib-encrypt and note that all pml files have been encrypted with the exception of NZONE as this does
not have a valid pml file extension.
All Files without a valid pml extension can be encrypted in one command using the folder option, however,
care must be taken using this option as some files may not be pml macros.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
59
Save the file and double click on it to run the encryption. Navigate to the macro sub-folder of pmllib-encrypt
and note that the file NZONE has now been encrypted.
5.6.7
When PDMS recognises an encrypted macro it is decrypted in memory as it is used. In this section the
encrypted macros will be tested. In order to test the encrypted macros the pointer to pmllib must be changed
to point to a multi path.
Edit the file evars.bat. This batch file can be found in the %PDMSEXE% directory typically
C:\AVEVA\Plant\PDMS12.1.SP2. Close to the bottom of the file add the line:
set pmllib=C:\testencrypt\pmllib-encrypt %pmllib%
Save the file and close the editor. Enter PDMS using the following options:
Project Training, Username A.PIPER, Password A, MDB /A-PIPING, Module Design
The file pml.index needs to be updated to include the new files in the extended path.
Enter PML REHASH ALL in the Command Window to regenerate the file. If further files are encrypted the
file should be refreshed using this command.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
60
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
61
5.7
Reading an encrypted pml file takes longer than reading a plain-text version. In some circumstances PML
files may be re-read many times during a session, thus encrypting files may have some impact on
performance.
The command PML STATISTICS displays information on the numbers of times each file has been read,
together with some additional information useful to AVEVA when testing the Published PML functionality.
In order to reduce the time taken to re-read the files, Published PML files may contain a buffering directive in
the header-line, i.e. the first line in the file. If a dash and a number are included directly after the three-digit
encryption algorithm id, then PDMS will retain the file in memory indefinitely once it has been read the
specified number of times.
Heavily used files may be edited to add buffering to the header by hand. For example:
--<004-5>-- Published PML 1.1 >-Alternatively, the n option, where n is the number of times the file is to be read before buffering, of
pmlencrypt.exe may be used.
For example:
C:\AVEVA\pmlencrypt -rc4 buffer 5 %from%\functions\area.pmlfnc %to%\functions\area.pmlfnc.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
62
5.8
Most changes made to an encrypted PML file will make it unusable, i.e. PDMS will report a corrupt file if
attempted, however, there are a few exceptions:
As noted in the previous section, a buffering value may be added or changed in the Published PML
header-line. For example:
--<004>-- Published PML 1.1 >-- may be changed to --<004-5>-- Published PML 1.1 >-Adding a buffering value of 5.
The second line of rc4 or basic encrypted files may be edited to report a different error or message.
For example:
--<003>-- Published PML 1.1 >-return error 99 'This file is not readable by this version of PDMS'
$** 9ad7b51fc44384a8601979728b185f52
may be changed to
--<003>-- Published PML 1.1 >-return error 66 'You need a PDMS patch ring Ian on extension 6655'
$** 9ad7b51fc44384a8601979728b185f52
Lines in trivial encrypted or un-encrypted files may be changed.
5.9
If an attempt to display or record encrypted PML using the $R commands is made, all lines are replaced by
the text <hidden>. Error messages and trace-backs will include function names, but not the text of each line.
The only circumstance in which hidden lines can become visible is during a macro which includes a moduleswitch. After a module switch, any remaining lines in that macro may be traceable.
5.10 Troubleshooting
PDMS will issue an error if any of the following occurs:
Attempting to read an encrypted PML file in an incompatible version of PDMS.
Attempting to read an encrypted file that has become corrupted (e.g. editing encrypted text).
Attepting to read files encrypted with algorithms added in future versions of pmlencrypt.exe.
Attempting to read an rc4 encrypted file on a computer without the Microsoft Base Cryptographic
Provider installed.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
63
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
64
CHAPTER 6
PDMS enables strict Intellectual Property Rights (IPR) Protection to be applied at database level, allowing
a project administrator to restrict the ability to extract data held within a database.
6.1
Protected databases are marked as uniquely belonging to the project such that restricted users cannot copy
data from that database into another project, even through a physical copy of the database file.
Functionality that permits copying of data from a protected database is not available to restricted users. For
example:
OUTPUT command (DATAL).
COPY command, when copying across databases.
EXPORT command.
Data Access Routines (DARs).
In addition, read access to certain attributes is restricted in order to obstruct an unauthorised user from
writing their own DATAL like functionality in PML.
6.2
The Administration command syntax has been extended to allow the project administrator to set (or clear)
protection on any database within a project, and to set (or clear) an expiry date for that database.
The CHANGE command has been extended to change the protection on a named database, and control
timed expiry by optionally specifying a future date, using the standard date format used in existing
commands. The extended syntax is as follows:
CHANGE databasename PROTection [ ON | OFF ] [ EXPires future-date ].
The CREATE DB command has been similarly extended, with the following syntax:
CREATE DB dbname dbtype [ SUBTYPE MARINE ] PROTected [ EXPires future-date ].
The following pseudo attributes are associated with all DATABASE elements to query the Protected status
and the expiry date of the represented database.
LProtected - returns a True if the database is protected and False if it is unprotected.
Expiry - returns a text value giving the expiry date of the database in ISO date format,
YYYY-MM-DD. The pseudo attribute is unset if the database has no expiry date.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
65
The Modify Database form has the same functionality as the Create Database form except that the Expiry
cannot be toggled off if previously set, however the date may be changed.
The end-user experience is unchanged except where that user is restricted with respect to a protected
database. In these cases meaningful errors are displayed to indicate that user privileges are not sufficient to
complete the requested operation.
Data Access Routines (DARs) have been restricted so that they cannot access data in a protected
database. An indicative error message is displayed in these circumstances.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
66
6.3
This worked example sets the protection on an existing catalogue database. Enter PDMS using the following
options:
Project MAS, Username SYSTEM, Password XXXXXX, MDB None, Module Admin.
6.3.1
COPY command,
databases.
EXPORT command.
when
copying
across
The Catalogue MASTER/PIPECATA is used as the Piping catalogue reference in the TRA project. As the
catalogue is now protected the OUTPUT Command for catalogue items should be unavailable for this
catalogue.
Enter PDMS using the following options:
Project Training, Username A.PIPER, Password A, MDB /A-PIPING, Module Paragon.
The Paragon user interface should be set to display the Catalogue Explorer and a Command Window.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
67
Using the Catalogue Explorer navigate to the Catalogue World called MASTER/PIPECATA, the CATA
called PDMSPIPE.CATA-ANSI and the SECT called ELBOW-ANSI.
This section can be checked to see if it is in the
protected catalogue database by entering Q
DBNAME in the Command Window. It should return
MASTER/PIPECATA.
The OUTPUT command may also be tested in the
Command Window by entering OUTPUT CE. As the
MASTER/PIPECATA is protected an error message
is displayed.
6.3.2
The COPY command should also be unavailable, preventing information being transferred from a protected
database to an unprotected database. Navigate to and expand the PIPING/CATA-A World in the Catalogue
Explorer to show the CATA element /CATA-PIPING-A previously created with the database.
Enter Q DBNAME in the Command Window. It should return PIPING/CATA-A.
A new SECT and CATE will be created in this database using the Command Window, the CATE will be a
copy of an existing MASTER component.
Enter the following commands in the Command Window:
NEW SECT /Elbows
NEW CATE /AAEA200-PIPE COPY /AAEA200 RENAME /AAEA200 /AAEA200-PIPE
Make sure DAC is turned OFF on the project or that no DAC is applied to Paragon.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
68
6.4
Attribute Protection
When the attributes of an item in a protected database are queried, some of the attributes will not be
displayed, i.e. some attributes are invisible to restricted users in a protected database. The restricted
attributes are mostly in the catalogue, but there are also some in the Properties and Design Databases.
As not all the attributes are visible it makes it very difficult to create a macro that would be able to recreate
the database items.
Typical attributes that are invisible are the height of a cylinder in the catalogue and the nominal bore of a
component connection point.
6.5
To check attribute protection a catalogue database is entered as a Free User and the attributes of a primitive
are queried. A check is made on the same item as a Restricted User.
To see what attributes are available an MDB is created in the MAS project and the protected database
MASTER/PIPECATA added to it. Paragon may then be used to compare attributes between a protected
database and an unprotected database.
6.5.1
Select Admin > Exit from the main menu to leave PDMS.
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
www.aveva.com
69
6.5.2
6.5.3
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
70
6.5.4
Comparing Results
Comparing the two Attribute forms it can be seen that the Pdiameter attribute is missing from the Restricted
Users query.
Free User
Restricted User
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
71
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
72
CHAPTER 7
A new form has been introduced to allow generation of encrypted command scripts. This form is activated
from the Create Script button on the Admin Elements form. It is activated by selecting Users or MDBs
from the Elements pull down list.
7.1
Enter the PDMS Admin Module, Project Training, Username SYSTEM, Password XXXXXX.
From the Admin Elements form select Users, select the user TRAINER and click the Create Script Button.
The Input option is only available if a PML Publisher license is available in the current environment.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
73
Confirm
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
74
The file has been encrypted using the same technology as PML Publisher.
7.2
Create the following entry macro and save it as entry.pmlmac in the %pdmsuser% directory typically
C:\AVEVA\Plant\Data12.1.1\pdmsuser.
-- call entry macro
$m/C:\AVEVA\Plant\Data12.1.SP2\pdmsuser\projectentry.mac
dev tty
ALPHA log /C:\AVEVA\Plant\Data12.1.SP2\pdmsuser\aa.log over
/A-PIPING
Design
q mem
alpha log end
finish
The above macro runs the entry script created previously and allows access to PDMS without user names
and passwords being displayed. It sets an MDB, enters Design, sets a log file, queries the members and
exits PDMS.
7.3
The Macro must Exit PDMS. An example of the above file can be found in the Training Setup Directory
typically C:\AVEVA\Plant\Training12.1\Training\pdmsuser.
Create the following entry batch file and save it as no-pub-batch.bat in the %pdmsuser% directory typically
C:\AVEVA\Plant\Data12.1.SP2\pdmsuser.
set pdms_installed_dir=C:\AVEVA\Plant\PDMS12.1.SP2\.
set PDMSEXE=C:\AVEVA\Plant\PDMS12.1.SP2
set PDMSWK=C:\AVEVA\Plant\Data12.1.SP2\pdmswk
call "%pdms_installed_dir%\evars" "%pdms_installed_dir%"
%PDMSEXE%\mon tty -macro=%PDMSEXE%\pdmsuser\entry.pmlmac
The above batch file sets the required environment variable for PDMS and the Project and runs the entry
macro.
An example of the above file can be found in the Training Setup Directory typically
C:\AVEVA\Plant\Training12.1\Training\Admin.
www.aveva.com
75
7.4
The Script Generation form has the option to include a user supplied macro which is included into the
encrypted script.
This option is only available if a PML Publisher License is available in the current environment.
7.4.1
Create the following macro and save it as doit.mac in the %pdmsuser% directory typically
C:\AVEVA\Plant\Data12.1.SP2\pdmsuser.
dev tty
/A-PIPING
Draft
ALPHA log /C:\AVEVA\Plant\Data12.1.SP2\pdmsuser\aa.log over
q mem
alpha log end
finish
The above macro will be added to the encrypted entry script that is subsequently created. The macro sets
an MDB, enters Draft, opens a log file, queries the members and exits PDMS.
7.4.2
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
76
7.4.3
Create the following entry batch file and save it as pub-batch.bat in the %pdmsuser% directory typically
C:\AVEVA\Plant\Data12.1.SP2\pdmsuser.
set pdms_installed_dir=C:\AVEVA\Plant\PDMS12.1.SP2\.
set PDMSEXE=C:\AVEVA\Plant\PDMS12.1.SP2
set PDMSWK=C:\AVEVA\Plant\Data12.1.SP2\pdmswk
call "%pdms_installed_dir%\evars" "%pdms_installed_dir%"
%PDMSEXE%\mon tty -macro=%PDMSEXE%\pdmsuser\projectentry.mac
The above batch file sets the required PDMS and Project environment variables and runs the entry macro.
The projectentry.mac macro file includes both encrypted entry and encrypted input and can therefore be run
standalone.
An example of the above file can be found in the Training Setup Directory typically
C:\AVEVA\Plant\Training12.1\Training\Admin.
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
77