System Administration

System Administration
(Advanced)
TM-1301
TRAINING GUIDE
AVEVA Plant
(12.1)
www.aveva.com
AVEVA Plant (12.1)

System Administration (Advanced) TM-1301
www.aveva.com
Copyright 1974 to current year.
AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
AVEVA Plant (12.1)

Revision Log
Date
Revision
22/07/2011
09/11/2011
0.1
0.2
10/11/2011
05/12/2011
29/02/2012
01/03/2012
06/03/2012
1.0
2.0
2.1
2.2
3.0
Description of Revision
Author
Reviewed
Issued for Review PDMS 12.1.1

Reviewed
BT
BT
KB
Issued for Training PDMS 12.1.1

Issued with latest copyright footer
Issued for Review PDMS 12.1.SP2
Reviewed
Approved for Training PDMS 12.1.SP2
BT
CF
KB
KB
KB
Approved
KB
-
NG
CF
SB
SB
NG
Updates
In general, all headings containing updated or new material will be highlighted.
Suggestion / Problems
If you have a suggestion about this manual or the system to which it refers, please report it to AVEVA
Training & Product Support (TPS) at tps@aveva.com
This manual provides documentation relating to products to which you may not have access or which may
not be licensed to you. For further information on which products are licensed to you please refer to your
licence conditions.
Visit our website at http://www.aveva.com
Disclaimer
1.1
AVEVA does not warrant that the use of the AVEVA software will be uninterrupted, error-free or free
from viruses.
1.2
AVEVA shall not be liable for: loss of profits; loss of business; depletion of goodwill and/or similar
losses; loss of anticipated savings; loss of goods; loss of contract; loss of use; loss or corruption of
data or information; any special, indirect, consequential or pure economic loss, costs, damages,
charges or expenses which may be suffered by the user, including any loss suffered by the user
resulting from the inaccuracy or invalidity of any data created by the AVEVA software, irrespective of
whether such losses are suffered directly or indirectly, or arise in contract, tort (including negligence)
or otherwise.
1.3
AVEVA's total liability in contract, tort (including negligence), or otherwise, arising in connection with
the performance of the AVEVA software shall be limited to 100% of the licence fees paid in the year
in which the user's claim is brought.
1.4
Clauses 1.1 to 1.3 shall apply to the fullest extent permissible at law.
1.5
In the event of any conflict between the above clauses and the analogous clauses in the software
licence under which the AVEVA software was purchased, the clauses in the software licence shall
take precedence.
www.aveva.com
AVEVA Plant (12.1)

Copyright
Copyright and all other intellectual property rights in this manual and the associated software, and every part
of it (including source code, object code, any data contained in it, the manual and any other documentation
supplied with it) belongs to, or is validly licensed by, AVEVA Solutions Limited or its subsidiaries.
All rights are reserved to AVEVA Solutions Limited and its subsidiaries. The information contained in this
document is commercially sensitive, and shall not be copied, reproduced, stored in a retrieval system, or
transmitted without the prior written permission of AVEVA Solutions Limited. Where such permission is
granted, it expressly requires that this copyright notice, and the above disclaimer, is prominently displayed at
the beginning of every copy that is made.
The manual and associated documentation may not be adapted, reproduced, or copied, in any material or
electronic form, without the prior written permission of AVEVA Solutions Limited. The user may not reverse
engineer, decompile, copy, or adapt the software. Neither the whole, nor part of the software described in
this publication may be incorporated into any third-party software, product, machine, or system without the
prior written permission of AVEVA Solutions Limited, save as permitted by law. Any such unauthorised
action is strictly prohibited, and may give rise to civil liabilities and criminal prosecution.
The AVEVA software described in this guide is to be installed and operated strictly in accordance with the
terms and conditions of the respective software licences, and in accordance with the relevant User
Documentation.
Unauthorised or unlicensed use of the software is strictly prohibited.
Copyright 1974 to current year. AVEVA Solutions Limited and its subsidiaries. All rights reserved. AVEVA
shall not be liable for any breach or infringement of a third party's intellectual property rights where such
breach results from a user's modification of the AVEVA software or associated documentation.
AVEVA Solutions Limited, High Cross, Madingley Road, Cambridge, CB3 0HB, United Kingdom.
Trademark
AVEVA and Tribon are registered trademarks of AVEVA Solutions Limited or its subsidiaries. Unauthorised
use of the AVEVA or Tribon trademarks is strictly forbidden.
AVEVA product/software names are trademarks or registered trademarks of AVEVA Solutions Limited or its
subsidiaries, registered in the UK, Europe and other countries (worldwide).
The copyright, trademark rights, or other intellectual property rights in any other product or software, its
name or logo belongs to its respective owner.
www.aveva.com
Contents
1
Introduction .............................................................................................................................................. 9
1.1
Aim..................................................................................................................................................... 9
1.2
Objectives ......................................................................................................................................... 9
1.3
Prerequisites .................................................................................................................................... 9
1.4
Course Structure .............................................................................................................................. 9
1.5
Using this guide ............................................................................................................................... 9
1.6
Setting up the Training Course .................................................................................................... 10
2
Extract Databases .................................................................................................................................. 11
2.1
Overview ......................................................................................................................................... 11
2.1.1
Creating Extract Databases ..................................................................................................... 11
2.1.2
Working in Extract Databases .................................................................................................. 11
2.1.3
Updating Changes from Extract Databases ............................................................................. 12
2.2
Types of Extract Databases .......................................................................................................... 12
2.2.1
Standard Extracts ..................................................................................................................... 12
2.2.2
Working Extracts ...................................................................................................................... 12
2.2.3
Variant Extracts ........................................................................................................................ 13
2.3
Write Access to an Extract Databases......................................................................................... 13
2.4
Extract Families.............................................................................................................................. 13
2.4.1
Querying Extract Families ........................................................................................................ 14
2.5
Choosing an Appropriate Database ............................................................................................. 14
2.6
Extract Data Control in Design ..................................................................................................... 15
2.6.1
The Get All Changes Button .................................................................................................... 15
2.6.2
The Update CE Button ............................................................................................................. 16
2.6.3
The Extract Claimlists Button ................................................................................................... 16
2.6.4
The User Claimlists button ....................................................................................................... 16
2.6.5
The Extract Button.................................................................................................................... 17
2.6.6
Extract Database Operations - Scope...................................................................................... 17
2.6.7
The Prefix Info Button .............................................................................................................. 17
2.6.8
Change Highlighting ................................................................................................................. 18
2.6.9
Rules and Connections ............................................................................................................ 18
2.6.10
The Flush Button ...................................................................................................................... 18
2.6.11
The Issue Button ...................................................................................................................... 19
2.6.12
The Drop Button ....................................................................................................................... 19
2.7
Creating Standard Extract Databases A Worked Example) ................................................... 20
2.7.1
Create Teams........................................................................................................................... 20
2.7.2
Create Users ............................................................................................................................ 20
2.7.3
Create a Master Database ....................................................................................................... 21
2.7.5
Create Standard Extracts ......................................................................................................... 22
2.7.6
Create MDBs ............................................................................................................................ 23
2.7.7
Testing Standard Extract Databases in Design ....................................................................... 24
2.7.8
Extract Change Highlighting ..................................................................................................... 27
2.7.9
Outstanding in Extract .............................................................................................................. 28
2.7.10
Introduced by Get All Changes ................................................................................................ 29
2.7.11
Displaying Items Introduced by Get All Changes ..................................................................... 30
Exercise 1 Extract Databases .................................................................................................................... 32
2.8
Creating Working Extracts A Worked Example ....................................................................... 33
Exercise 2 - Testing Working Extracts in Design ....................................................................................... 34
3
Data Access Control (DAC) .................................................................................................................. 35
3.1
Data Access Control Overview .................................................................................................. 35
3.2
ACRs - Roles and Scopes ............................................................................................................. 35
3.2.1
Permissible Operations (Perops) ............................................................................................. 36
3.3
Enabling DAC ................................................................................................................................. 36
3.4
Creating Scopes, Roles and Permissible Operations A Worked Example ........................... 36
3.4.1
Creating a Scope...................................................................................................................... 36
3.4.2
Creating Roles and Permissible Operations ............................................................................ 37
3.5
Creating Access Control Rights A Worked Example ............................................................... 38
3.5.1
Create an ACR for ALL ............................................................................................................ 39
3.6
Setting User Access A Worked Example .................................................................................
39
www.aveva.com
3.6.1
Using Access Control Assistant ............................................................................................... 40
5
AVEVA Plant (12.1)

3.6.2
Using Create/Modify User ........................................................................................................ 40
3.7
Testing PDMS Access Control ..................................................................................................... 41
3.8
Querying User Access in Design ................................................................................................. 42
3.9
DAC Negative Implementation.................................................................................................... 43
3.10 Setting DAC for use with MDS ...................................................................................................... 44
4
Project Setup Using Excel .................................................................................................................... 45
4.1
Export to Excel ............................................................................................................................... 45
4.2
Admin Excel Spreadsheet ............................................................................................................. 46
4.2.1
Admin Excel Spreadsheet Extract Databases ...................................................................... 46
4.2.2
Admin Excel Spreadsheet Working Extract Databases ........................................................ 47
4.2.3
Admin Excel Spreadsheet Scope.......................................................................................... 47
4.2.4
Admin Excel Spreadsheet Roles and Perops ....................................................................... 48
4.2.5
Admin Excel Spreadsheet ACR ............................................................................................ 49
4.3
Import from Excel........................................................................................................................... 49
4.3.1
Selecting an MDB for User Defined Data ................................................................................ 50
4.4
Admin Database Rollback ............................................................................................................. 51
Exercise 3 Project Setup Excel Export / Import ...................................................................................... 52
5
PML Encryption ...................................................................................................................................... 53
5.1
Overview of PML Encryption ........................................................................................................ 53
5.2
PML Encryption Utility Program ................................................................................................... 53
5.2.1
Typical workflow ....................................................................................................................... 53
5.2.2
Licensing .................................................................................................................................. 53
5.3
Using the PML Encryption Utility Program ................................................................................. 54
5.4
Choosing Files ............................................................................................................................... 55
5.4.1
Single File ................................................................................................................................. 55
5.4.2
All Files in a Folder ................................................................................................................... 55
5.4.3
Files in a pmllib -like Folder Tree ............................................................................................. 55
5.4.4
File/Folder paths....................................................................................................................... 55
5.5
Encryption Algorithms .................................................................................................................. 55
5.5.1
Encryption Type 0: No Encryption ............................................................................................ 55
5.5.2
Encryption Type 1: Trivial Encryption....................................................................................... 56
5.5.3
Encryption Type 2: Basic Encryption ....................................................................................... 56
5.5.4
Encryption Type 3: RC4 Encryption ......................................................................................... 56
5.6
Encrypting PML Files A Worked Example ................................................................................ 56
5.6.1
Supplied Files ........................................................................................................................... 56
5.6.2
Directory Structure ................................................................................................................... 57
5.6.3
Testing using a Batch File ........................................................................................................ 58
5.6.4
Testing the None Option .......................................................................................................... 58
5.6.5
Testing the Trivial Option ......................................................................................................... 59
5.6.6
Encrypting Multiple Files .......................................................................................................... 59
5.6.7
Testing Encrypted Macros ....................................................................................................... 60
5.7
Buffering Encrypted Files ............................................................................................................. 62
5.8
Editing Published PML Files ......................................................................................................... 63
5.9
Using the $R Command ................................................................................................................ 63
5.10 Troubleshooting ............................................................................................................................. 63
6
Intellectual Property Rights Database Protection .............................................................................. 65
6.1
IPR Protection Overview ............................................................................................................... 65
6.2
Changes to Admin for Database Protection ............................................................................... 65
6.3
Changing Database Protection A Worked Example ................................................................ 67
6.3.1
Testing Database IPR Protection for the Output Command .................................................... 67
6.3.2
Testing Database IPR Protection for the Copy Command ...................................................... 68
6.4
Attribute Protection ....................................................................................................................... 69
6.5
Checking Attribute Protection A Worked Example ................................................................. 69
6.5.1
Creating an MDB in the MAS Project ....................................................................................... 69
6.5.2
Attributes as a Free User ......................................................................................................... 70
6.5.3
Attributes as a Restricted User ................................................................................................ 70
6.5.4
Comparing Results ................................................................................................................... 71
7
Enhanced Entry Scripts ........................................................................................................................ 73
7.1
Creating an Encrypted Entry Script ............................................................................................. 73
7.2
Typical Entry Macro ....................................................................................................................... 75
www.aveva.com
7.3
Typical Entry Batch File ................................................................................................................
75
AVEVA Plant (12.1)

7.4
Enhanced Entry Scripts (PML Publisher Available) ................................................................... 76
7.4.1
Typical User Macro .................................................................................................................. 76
7.4.2
Creating the Encrypted Entry Script ......................................................................................... 76
7.4.3
Typical Entry Batch File (PML Publisher Available) ................................................................. 77
www.aveva.com
AVEVA Plant (12.1)

www.aveva.com
CHAPTER 1
Introduction
The AVEVA Plant (12.1) System Administration (Advanced) training guide is designed as a continuation to
the AVEVA Plant (12.1) System Administration (Basic) training guide. It builds on existing PDMS
administration concepts and introduces additional functionality to assist administrators.
1.1
Aim
To provide administrators with the knowledge and skills necessary to administer PDMS projects using
advanced features and functionality.
1.2
Objectives
Introduce PDMS concepts specific to Extract Databases, Data Access Control, Encryption of files, and
Intellectual Property Rights Database Protection.
Explain the basic concepts of Extract Databases.
Show how to create Standard and Working Extract Databases.
Create and edit data in an Extract Database.
Explain how Data Access Control can be used to control PDMS data.
Demonstrate how to create simple Data Access Control rules.
Be able to encrypt PML forms, functions object and macros.
Explain the basic concepts of Intellectual Property Rights Database Protection.
Demonstrate the protection of a catalogue database.
1.3
Prerequisites
It is expected that trainees will have completed the TM-1300 AVEVA Plant (12.1) System Administration
(Basic) training course. Trainees who can demonstrate a suitable understanding of PDMS administration
may also be permitted to undertake the training.
1.4
Course Structure
Training will consist of oral and visual presentations, demonstrations, worked examples and set exercises.
Each workstation will have a training project populated with model objects. This will be used by the trainees
to practice their methods and complete the set exercises.
1.5
Using this guide
Certain text styles are used to indicate special situations throughout this document.
Menu pull downs and button press actions are indicated by bold dark turquoise text.
Information the user has to Key-in will be bold red text.
www.aveva.com
AVEVA Plant (12.1)

Additional information notes and references to other documentation will be indicated in the styles below.
Additional information
Refer to other documentation
System prompts will be bold and italic in inverted commas i.e. 'Choose function'.
Example files or inputs will be in the courier new font. If users are required to enter information as part of
an example, appropriate fonts and styles previously outlined will be used.
1.6
Setting up the Training Course
Create a new project using the Project Creation Wizard. From the start bar select:
Start > All Programs > AVEVA Plant > Design > PDMS 12.1.SP2 > Project Creation Wizard.
Enter the following details for the project.
Project Training
Code
TRA
Address:
C:\AVEVA\plant\PDMS12.1.SP2\project\Training
Click the Create button.
Login to the Administration module of the new PDMS project using the details provided by the trainer. They
will typically be similar to this:
Project
Training
Username
SYSTEM
Password
XXXXXX
Click the Login button.
It is not necessary to specify an MDB to enter Admin. Free Users, like SYSTEM, are NOT shown on the
Username pull down.
In Admin select Utilities > Training Setup from the main menu to display the Training Admin form.
Select the Training Setup tab. From the Number of
Designers option list select 1, then click the Create Project
button.
A Progress Bar is displayed in the lower right hand corner of
the screen. Additional feedback is provided in the Command
Window.
This process sets the project to a known state, ready for the
training course. The process may take several minutes, but
when complete the user will be returned to the default Admin
screen and the Training Setup form will close.
www.aveva.com
10
CHAPTER 2
Extract Databases
PDMS allows a sub-set of databases to be copied from master databases. These sub-sets are referred to
as Extract databases. Extract databases may be as simple as a single database allocated to one user, or
they may be more complex, catering for multiple designers over a range of disciplines.
Extract databases allow data from a master database to be shared and modified without effecting the master
databases. New data can also be created in the extract databases. Any changes made in the extract
databases can be returned to the master databases as and when the administrator requires it.
2.1
Overview
Extract databases provided a useful way of controlling data workflow within a discipline and controlling cross
discipline modifications. They are also useful for workflows that require persistent claims or workflow in
multiple locations (i.e. Global projects).
2.1.1
Creating Extract Databases
An extract can only be created from an existing multiwrite database (i.e. DESI, PADD, CATA and ISOD).
As such, extract databases themselves are multiwrite.
Extracts cannot be created from foreign databases and cannot be created from copy databases.
Many Extracts can be created from one Master database. It is also possible to create an extract of an
extract, thereby creating an Extract Family.
Extract Families are considered later in this training guide.
2.1.2
Working in Extract Databases
When an extract is created, it will be empty, with pointers back to the owning or master database. When
elements are worked on in the extract database,they are claimed in the extract in a similar way to simple
Multiwrite databases, so no other user can work on them. Claims are persistent from session to session.
When work is saved, the changed data will be saved to the extract, not the master database.
unchanged data will still be read via pointers back to the master database.
Any
Extract databases can be worked on by a user at the same time as another user is working on the master
database or another extract. Any changes made in the master database can be updated in the extract
database.
www.aveva.com
11
AVEVA Plant (12.1)

2.1.3
Updating Changes from Extract Databases
At some stage in the design process it will be necessary to return information from the extract database to
the master database. Two methods are available to facilitate this process:
Flush copies changes to the master database, but claims on elements still persist. This allows
other users to see the changes made but ensures that no changes can be made to the elements.
Issue copies changes to the master database and removes all claims from the elements. Other
users can see the changes made and make further modifications if required.
Alternatively, if the data is no longer required it may be Dropped. If data is dropped, no changes will be
transferred to the master database but claims on model elements will remain.
2.2
Types of Extract Databases
Three different types of extract databases can be created. Features pertaining to each type of extract
database are noted in the sections that follow.
2.2.1
Standard Extracts
Standard extracts are similar to normal multiwrite databases. They can be owned by any team, given any
name, and added to MDBs in the usual way.
The claim mode may be implicit or explicit. If an element is being worked on by any other user in the Extract
Family, no other user can work on it.
2.2.2
Working Extracts
Working Extracts are created uniquely for an individual user, i.e. one per user. Working Extracts only
require the use of a single MDB.
www.aveva.com
12
AVEVA Plant (12.1)

2.2.3
Variant Extracts
Both Standard and Working extracts can be variant extracts. Variants are a special type of extracts in which
elements are not claimed from the owner. They are designed to allow users to try out different designs
which then may, or may not, be written back to the master database.
When variants are used, all changes are merged together on issue. Changes are handled at attribute level,
so that different users can change different attributes on the same element and then merge their changes.
No locking is applied to a variant extract, and any locks applied to other extracts are ignored. This allows
many users to modify the same element in a given session, but has the disadvantage that any conflicts will
not be found until the changes are issued. If two users modify the same attribute, the last change to be
merged takes precedence.
PDMS will ensure that all merges comply with the basic database rules, that is, the data will comply with all
DICE checking requirements. It cannot check that the data makes sense in design terms. It is
recommended that data consistency and clash checks are always carried out on the resulting merged data.
2.3
Write Access to an Extract Databases
Write access to an extract database is controlled in the same way as any other database. The user must be
a member of the Team owning the extract and the user must select an MDB containing the extract. Data
Access Control can also be applied to limit operations available to users.
Extracts in the same family can be owned by the same team or by different teams.
2.4
At this release, an extract can only be created at the bottom of an extract tree.It is not possible to insert
a new extract between existing generations, or create a new master for the extract family.
Extract Families
A Master database may have up to 8000 extract databases. Extracts can be created from another extract,
forming a hierarchy of extracts (to a maximum of 10 levels). All the extracts derived from the same master
are described as an Extract Family.
The original database is known as the Master database. The Master database is the owner or parent of the
first level of extracts. If a more complex hierarchy of extracts is created, the lower level extracts will have
parent extracts which are not the master. The extracts immediately below an extract are known as extract
members.
The following diagram illustrates an example of an extract family hierarchy:
www.aveva.com
13
AVEVA Plant (12.1)

In this example:
PIPES
is the Master and the parent of PIPES_X1.
PIPES_X1
is a child of PIPES and the parent of PIPES_X10.
PIPES_X10
is a child of PIPES_X1.
The members of PIPES are PIPES_X1 and PIPES_X2.
2.4.1
Querying Extract Families
The following attributes can be queried to obtain information about the structure of an extract family:
Database attributes
EXTNO
Extract Number
EXTFAM
Extract Family
EXTOWN
Extract Owner
ISEXOP
Owner Primary Here
EXTMAS
Extract Master
ISEXMP
Master Primary Here
EXTALS
Extract Ancestors
ISEXAP
Ancestry Primary Here
EXTCLS
Extract Children
LVAR
Variant
EXTDES
Extract Descendants
LCTROL
Controlled
2.5
Choosing an Appropriate Database
It is often advantageous for administrators to use both master databases and extract databases in a project.
Suggested use of extract and master database types is provided below:
Use Extract Databases for:
Controlling data workflow within a discipline.
Controlling cross discipline modifications (e.g. supports).
Persistent claims.
Integrated working environment with other offices (Global 2).
Use Master databases for:
Enabling cross discipline review/approval of data.
Catalogue, Library and Template data.
Splitting data into smaller units to avoid mass data processing through large collections, clashing and
spatial map updates.
Controlling the visibility of data in working areas.
Controlling the distribution of sub-contractors data.
Separating common data for export across projects.
Reducing the consequences of possible data corruption.
www.aveva.com
14
AVEVA Plant (12.1)

2.6
Extract Data Control in Design
In the Design module extract data is managed

using the Extract Data Control form. If extract
databases are present in the selected MDB the
form can be displayed by selecting Design >
Extract Control from the main menu.
If no extract databases are present in the MDB an
error message is displayed.
The following sections detail the functionality contained within the form.
2.6.1
The Get All Changes Button
The Get All Changes button updates an extract with changes made in the owning database. Get all
changes can be to a first-level extract from a master database, or to a low-level extract from a higher-level
extract (one level at a time). This is similar to doing a Get Work on a normal database.
The From parent extract only and From all extract ancestors radio buttons determine where the
changes are taken from.
www.aveva.com
15
AVEVA Plant (12.1)

2.6.2
The Update CE Button
The Update CE button refreshes the claim list

for the current element.
2.6.3
The prefix E is explained later in this

chapter.
The Extract Claimlists Button
The Extract Claimlists button shows details of

the items Extracted to a database. The items
are not necessarily claimed by a user.
The Extract Claim options list enables the data
to be displayed for the CE, MDB, or a selected
database.
2.6.4
The User Claimlists button
Clicking the User Claimlists button

enables elements to be claimed in
the same way as selecting Utilities >
Claimlists from the main menu.
www.aveva.com
16
AVEVA Plant (12.1)

2.6.5
The Extract Button
Clicking the Extract button transfers the write access of a given primary element to an extract.
A claim can be to a first-level extract from a master database, or to a low-level extract from a higher-level
extract.
If the extract database has been set-up in Implicit claim mode then modifying the element will claim it
automatically.
2.6.6
Extract Database Operations - Scope
The Element Hierarchy and Single Element radio buttons in the Extract DB Operations Scope area of
the form enable either the hierarchy below the identified element, or only the identified element, to be
extracted.
Items can be claimed using Utilities > Claim Lists from the main menu.
2.6.7
The Prefix Info Button
Clicking the Prefix Info button displays the

Prefix Information form.
The form contains the explanation of the prefix
codes and can be used to remind designers of
the claim and update condition of the database
items.
In this example, Site /SITE-PIPES-AREA01

has prefix codes E and M, meaning that the
Site is Claimed and Modified, whilst the zone
ZONE-PIPING-AREA01 is just claimed to the
extract.
www.aveva.com
17
AVEVA Plant (12.1)

2.6.8
Change Highlighting
It is possible to highlight elements in an extract database that will be Issued, Flushed or Dropped or added
to the database (following the Get All Changes command) using the Extract Data Control form.
Items that are outstanding in the extract or that have arisen by getting changes from the master database
can be displayed this way.
2.6.9
Rules and Connections
When the Always Issue / Flush Changed Rules /

Connections checkbox is selected, any related
items will also be Issued or Flushed.
This would typically be used where a claimed pipe

is connected to equipment nozzles or another pipe.
As such, it would be appropriate to Issue (or Flush)
the equipment with the pipe and vice versa.
Selecting Resultant Additional Elements
displays additional elements via the Changed Rules
& Connections form.
2.6.10 The Flush Button

Clicking the Flush button copies local changes to the owning database but the elements are not released.
Users who have access to the owning database can now see the changes, but they cannot make changes
to the elements.
After a Flush the Item is still claimed. This is an example of a persistent claim.
www.aveva.com
18
AVEVA Plant (12.1)

2.6.11 The Issue Button

Clicking the Issue button copies local changes to the owning database releases the elements.
Users who have access to the owning database can now see the changes and can make changes to the
elements.
Following an Issue the Item will not be claimed.
2.6.12 The Drop Button

Clicking the Drop button will abandon local changes, i.e. there will be no change to the owning database
and it will return to its state before the changes were made (even if the user has done a Save Work).
The elements that were being worked on will not be released.
www.aveva.com
19
AVEVA Plant (12.1)

Creating Standard Extract Databases A Worked Example)
2.7
This worked example creates a number of users, teams and MDBs that will be used to create a number of
extract databases. The effect of flushing and issuing information will also be demonstrated.
2.7.1
Create Teams
For this example three new Teams will be created. Using the Admin Elements form create the following
Teams:
MASTERA
EXTEAMB
EXTEAMC
2.7.2
Create Users
Three new Users are also required. Create the following Users and Passwords:
USER
Password
APPRUSERA
EXUSERB
EXUSERC
Make the Users members of the following teams:

USER
Team
APPRUSERA
MASTERA
EXUSERB
EXTEAMB
EXUSERC
EXTEAMC
www.aveva.com
20
AVEVA Plant (12.1)

2.7.3
Create a Master Database
For this example, a new master database will be

created. From this master database, extract
databases will be created.
When creating the master database, ensure that
the Master DB radio button is active.
The database type required is a

database. Name the database DESI.
Design
In the Create SITE textbox enter MASTER/DESI

to create a top level element in the database.
Set the Access Mode to Multiwrite and Implicit
Claim.
As Extract databases can only be created

from a Multiwrite master database it is
important that this setting is made correctly.
Leave the other settings as the default displayed.
Click the Apply button and dismiss the form. Check that the new database MASTERA/DESI is displayed in
the Database and Extracts list.
www.aveva.com
21
AVEVA Plant (12.1)

2.7.5
Create Standard Extracts
T
wo extracts of the database will be created and assigned to separate teams. On the Admin Elements form
ensure Databases & Extracts is selected in the Elements option list.
Select the Create button to display

Databases & Extracts form and click the An
Extract of a DB radio button.
Click the OK button to display the Create

Extract form.
Select <DB> MASTERA/DESI from the
Select Database for Extract grid.
Select <TEAM> EXTEAMB from the Owning
Team grid.
Enter DESI_X1 in the Name textbox.
Select Implicit Claim from the Access Mode
options list.
Click the Apply button to create the extract.
Repeat
the
process
to
EXTEAMC/DESI_X2
based
MASTERA/DESI.
create
on
As the extract databases are Multiwrite

they appear in the Select Databases
for Extract grid.
Extract databases are indicated in

Administration forms with an X.
www.aveva.com
22
AVEVA Plant (12.1)

2.7.6
Create MDBs
Copy MDB A-PIPING to create an MDB called MASA with a description of Master Extract MDB.
Put the MASTERA/DESI database at the top of the Current Databases list.
Create two further copies of MDB A-PIPING named EXTB, description Extract B, and EXTC, description
Extract C, respectively.
Put the database EXTEAMB/DESI_X1 at the top of MDB EXTB and the database EXTEAMC/DESI_X2 at
the top of MDB EXTC.
www.aveva.com
23
AVEVA Plant (12.1)

2.7.7
Testing Standard Extract Databases in Design
Enter PDMS Design with Username APPRUSERA, Password A and MDB MASA. Make the main display
window small in height and put it at the top of the screen.
Display the Command Window.

Navigate to the World and check
that the correct database is being
used by entering Q DBNAME in
the Command Window.
The returned name should be
MASTERA/DESI.
Enter PDMS with Username

EXUSERB, Password B and MDB
EXTB.
Make the main display window
small in height and put it at the
bottom of the screen.
Check the correct database is
being used.
The returned name should be
EXTEAMB/DESI_X1.
In the APPRUSERA session (top of the screen),

navigate to the Site MASTERA/DESI and rename it
to SITE-MASTERA.
Create a Zone named EQUIP-ZONE and two
equipment elements named EQ1 and EQ2.
Save Work.
www.aveva.com
24
AVEVA Plant (12.1)

In the EXUSERB session (bottom of the

screen), select Design > Extract Control
from the main menu to display the Extract Data
Control form.
Click the Get All Changes button.
Click in the Elements grid to refresh the form.
The re-named Site, the Zone and the two
equipment elements are now displayed in the
form and Design Explorer.
Close the Extract Data Control form.
In the EXUSERB session (bottom of the screen), create a new

equipment element named EQ3 in the same Zone as EQ1 and EQ2.
The equipment is shown bold, indicating that it is claimed.
Savework.
In the APPRUSERA session (top of the screen) select Design > Get Work from the main menu. Note that
the new equipment, EQ3, is not displayed in the session. This is because the equipment has not been
Flushed or Issued to the master database.
www.aveva.com
25
AVEVA Plant (12.1)

In the EXUSERB session (bottom of the screen)

display the Extract Data Control form again.
Note that the EQ3 equipment is prefixed by M,
indicating that it has been Modified.
The owning zone also has a prefix M, indicating
that it has also been modified.
Click the Flush button.
As a Save Work has not been done before the
Flush was initiated the following message is
displayed:
Click the Yes button to save the changes.
The Extract Session Comment form is automatically

displayed.
Click the YES button to confirm the Flush.
Note that the Claim status of the equipment

has changed in Extract Data Control form.
When a Flush is performed the items are
available in the owning database but remain
claimed, i.e. EQ3 is prefixed by E, indicating
that it is claimed by an extract in this MDB.
www.aveva.com
26
AVEVA Plant (12.1)

In the APPRUSERA session (top of the screen) select

Design > Get Work from the main menu. Note that the new
equipment, EQ3, is now displayed in the session. This is
because the equipment has been Flushed to the Master.
Try to modify the name of EQ3 in the APPRUSERA session. As

the equipment is still claimed by the extract an error message is
displayed.
In order for another designer to modify the equipment EQ3 it must be Issued to release the Claim.
2.7.8
Extract Change Highlighting
It is possible to highlight elements in an extract database that will be Issued, Flushed or Dropped or added
to the database (following Get All Changes) using the Extract Data Control form.
In the EXUSERB session (bottom of the screen) navigate to the

world element.
In the Command Window type Q DBNAME.
It will return Dbname EXTEAMB/DESI_X1 the name of the extract
database.
Select Utilities > Training Setup from the

main menu.
On the Foundations Tab select the Add
TRA.SITE radio button.
Click the Apply button then dismiss the form.
www.aveva.com
27
AVEVA Plant (12.1)

The newly created site will be displayed in the 3D view.
2.7.9
Outstanding in Extract
Select Design > Extract Control... from the main menu to display the Extract Data Control form.
Check the Outstanding in Extract checkbox.
All Design items will be coloured cyan as none of them

have been Flushed, or Issued.
The Colour Button can be used to change the

display colour.
www.aveva.com
28
AVEVA Plant (12.1)

The effect of issuing various elements in combination with changing the scope can be seen in the example
below. In this instance the Site TRA.SITE has been Issued with the scope set to Single Element. The
Zone EQUIP.ZONE has also been Issued with the scope set to Element Hierarchy.
2.7.10 Introduced by Get All Changes

Before the Get All Changes command can be used some new items must be created in the parent/master
database.
In the APPRUSERA session (top of the screen), navigate to and display Site TRA.SITE. Only the equipment
is available.
www.aveva.com
29
AVEVA Plant (12.1)

Make a copy of equipment /Tank1 and move it North 5000mm.
Save Work.
2.7.11 Displaying Items Introduced by Get All Changes

Return to the previous Design Session EXUSERB (bottom of the screen).
On the Extract Data Control form click the Get All Changes button.
www.aveva.com
30
AVEVA Plant (12.1)

Add the site TRA.SITE to the display.
Select the Introduced by Get All Changes checkbox.
The new equipment is displayed in cyan.
www.aveva.com
31
AVEVA Plant (12.1)

Exercise 1 Extract Databases

Enter PDMS with Username EXUSERC, Password C and MDB EXTC. Open the Extract Data Control
form and click the Get All Changes button to see items that have been added to the Master database. Use
Extract Change Highlighting to observe the differences in the graphical display.
Create items as user EXUSERC. Use change highlighting to ensure the items are Outstanding in the
Extract. Flush or Issue them back to the Master.
www.aveva.com
32
AVEVA Plant (12.1)

2.8
Creating Working Extracts A Worked Example
Working extracts are allocated to users. In the following worked example working extracts for three users,
USERA, USERB and USERC will be created to database MASTERA/DESI.
Return to the Administration module of

PDMS. Create Users USERA, USERB and
USERC with Passwords A, B and C.
Select Working Extracts from the Elements
options list on the Admin Elements form.
Click the Create button to display the
Create Working Extracts form.
Select <DB> MASTERA/DESI from the
Database to Create Working Extract From
grid and <USER> USERA, <USER> USERB
and <USER> USERC from the User List
grid.
Enter Extract of MASTERA/DESI in the
Description textbox.
Click the Apply button to create the Working
Extracts.
A new MDB is not required for the Working

Extracts.
PDMS may be entered using the same MDB
for all three Users as access is controlled by
the Username.
Add the three
MASTERA.
Users
to
the
Team
www.aveva.com
33
AVEVA Plant (12.1)

Exercise 2 - Testing Working Extracts in Design

Enter PDMS Design with Username USERA, Password A and MDB MASA. Enter another session of
PDMS with Username USERB, Password B and MDB MASA.
Check the database name in each session by entering Q DBNAME in the Command Window.
Create some equipment elements in the USERB session and Save Work.
Use the Extract Data Control form to Flush or Issue the database changes back to the Master database.
Check that the information is available to USERA following the Get All Changes command.
www.aveva.com
34
CHAPTER 3
3
Data Access Control (DAC)
Being a member of the team that owns the database controls write access in PDMS. However, due to
project security requirements or company working practises, it may be necessary to further restrict data
access. By using Data Access Control (DAC) PDMS Administrators can restrict access to PDMS types,
names, or particular areas, of the PDMS model.
Data Access Control Overview
3.1
Data Access Control in regular PDMS projects is governed by team membership. Users must be a member
of the Team owning the database in order to write to it.
Normal PDMS data access control will apply to the Project unless the Data Access Control (DAC) option in
the Administration module is switched on. Before implementing DAC, administrators need to be aware of the
following considerations:
Once DAC is switched on, General Users will not have write access to any elements unless suitable
Access Control Rights have been set up.
Free Users always have full access to all elements.
DAC can be applied to Update or Multiwrite databases.
When implementing DAC one of two underlying methods are considered.
Users are completely restricted from doing any operation and subsequent permissions allow certain
tasks to be carried out.
Users are free to do any operation and subsequent permissions restrict certain tasks from being
carried out.
The later method is sometimes refered to as Negative DACs.
At the heart of DAC is the creation of Access Control Rights (ACRs) for each user. ACRs allow the
Administrator to:
Restrict access to named elements, given element types, or particular volumes of the model.
Restrict the type of operation a User can carry out on elements.
Restrict which attributes a User can set or change.
Further consideration of ACRs is provided in the sections that follow.
3.2
ACRs - Roles and Scopes
Users can be given one or more ACRs. Each ACR is made up of two parts, a Role and a Scope.
A Role defines what operations the designer can carry out on which elements e.g. Create, Modify
and Delete all types of PDMS elements.
A Scope defines the part of the Design to which the Role applies e.g. a particular Site in DESIGN or
Registry in DRAFT, or a specified volume within the model.
Roles and Scopes are referenced by ACRs and must therefore be created before the ACR has its RoleRef
and ScopeRef attributes set.
Roles are likely to be used on all Projects, but Scopes are usually Project specific.

www.aveva.com
35
AVEVA Plant (12.1)

3.2.1
Permissible Operations (Perops)
A Role is a set of Permissible Operations (Perops), which define the operations that can be performed on a
given element type.
3.3
Enabling DAC
DAC can be enabled by selecting Project > Data
Access Control from the main menu in the
Administration module. A confirmation message is
displayed.
Clicking the Yes button turns DAC on project wide.

The status of DAC is displayed on the Default Toolbar:
3.4
Creating Scopes, Roles and Permissible Operations A Worked Example
The following worked example will create a Scope for ALL areas of the work, a Role for ALL, a Role for a
Piping Designer and Permissible Operations for the Piping Designer.
3.4.1
Creating a Scope
Scopes define the area of the plant where the PDMS Designer can work. The following scope gives access
to all areas of the plant.
Click the Access Control Assistant button on the main menu to

display the Access Control Assistant form.
Select the Scopes tab in the upper pane of the form. Right click on
Scopes and select New scope from the pop-up menu to display a
new scope row.
Double click in the Scope name field to edit the information
contained within it. Enter ALLSCOPE in the Scope name textbox.
In a similar manner enter All Scope in the Scope description text
box.
Enter ALL in the Scope selection text box.
The Scope selection could be made more specific by entering the name of a SITE or ZONE, etc.
www.aveva.com
36
AVEVA Plant (12.1)

The syntax used to define Scopes is similar to the syntax used in PML. Key words, such as ALL, can be
used in a DAC context. An example of the type of syntax used to define a Scope would be: ALL WITH
NAME OF SITE EQ <FULL PDMS NAME OF SITE>.
3.4.2
Creating Roles and Permissible Operations
A Role defines the type of objects that can be created. Roles can be created in two ways; by adding access
or by removing access. The removal of access may occur in situations where a designer is initially given full
access rights which are then restricted.
3.4.2.1 Create Role and Perop for ALL Access
Select the Roles tab in the upper pane of the form.

Right click on Roles and select New role from the
pop-up menu to display the new role row.
Enter ALL-DESIGNER in the Role name textbox.

Enter Can create ALL PDMS elements in the
Role description text box.
A new Permissible Operation (Perop) for the role is

required.
Right click on the ALL-DESIGNER entry of the
Role name and select New perop from the pop-up
menu to display the new perop row.
Enter ALLELE in the Perop name textbox,
followed by ALL in the Element types textbox.
Leave the Qualifying Condition as unset.
Open the Operations options list. Each entry, i.e. Create, Modify, Delete, etc, has three settings, Ignore,
Disallow and Allow. Clicking each entry will cycle through these choices. Set all of the entries to Allow.
Set the Attributes field to ALL and the Error message field to Can Create All.
3.4.2.2 Create Role and Perops for Piping Designer Access

The Role of the Piping Designer will allow the creation of pipes and pipe branches providing that the pipe
has not been issued. The Pipe Designer may also connect to, and orientate, nozzles.
Right click on Roles again and select New role from the pop-up menu to display the newwww.aveva.com
role row.
37
AVEVA Plant (12.1)

Enter PIPING-DESIGNER in the Role name textbox and Piping Designer in the Role description textbox.
Right click on PIPE-DESIGNER entry of the Role name and select New perop from the pop-up menu to
display the new perop row.
Enter PIPE-DESIGNER-PIPE in the Perop name textbox followed by PIPE in the Element types textbox.
Enter (Purp of Zone eq 'PIPE' and Function neq ISSUED) in the Qualifying condition textbox.
Set all the Operations entries to Allow and enter ALL in the Attributes textbox.
Enter You can only create pipes in a Piping Zone that has not been Issued in the Error message
textbox.
Create a new perop row to allow the Pipe Designer the ability to orientate position and connect to nozzles.
Enter PIPE-DESIGNER-NOZZ in the Perop name textbox followed by NOZZ in the Element type textbox.
Leave the Qualifying condition as unset.
In the Operations options list set Create, Output, Export and Copy to Disallow, Delete to Disallow and
Modify, Claim, Issue and Drop to Allow.
Enter ORI CREF and POS in the Attributes textbox and enter You can only position, rotate and connect
to Nozzles in the Error message textbox.
Create another Perop for the Pipe Designer that will allow Branches to be created if the Pipe has not been
issued.
Enter PIPE-DESIGNER-BRAN in the Perop name textbox followed by BRANCH HIERAR in the Element
types textbox.
Enter Function of Pipe neq ISSUED in the Qualifying condition textbox.
Set all the Operations entries to Allow then enter ALL in the Attributes textbox.
Enter You cannot create a Branch or Branch Components if the Pipe has been Issued in the Error
message textbox.
The following Perops are now available.
Follow a similar process to create Roles and Perops for the Design Supervisor and the Equipment Designer.
For the Role of the Equipment Designer, allow the creation of the equipment hierarchy only where the
Purpose of the Zone is EQUIP.
3.5
There is no need to create separate SCOPES for the Supervisor, Piping Designer and Equipment
Designer. Use the SCOPE /ALLSCOPE for all three users.
Creating Access Control Rights A Worked Example
Access Control Rights (ACRs) are used to link Roles and Scopes. To recap, a Role is what a User can
do and a Scope is where the user can do it.
www.aveva.com
38
AVEVA Plant (12.1)

This worked example creates ACRs for ALL items (e.g. a supervisor), for Pipe Designers and Equipment
Designers.
3.5.1
Create an ACR for ALL
Select the ACRs tab from upper pane of the Access

Control Assistant form. Right click on ACR and select
New ACR from the pop-up menu to display a new ACR
row.
Enter ALL-DESIGN in the ACR name textbox.

Enter Can create ALL items anywhere in the ACR
description textbox.
Select the Scopes tab in the top pane.

Select the ACRs tab in the bottom pane.
Using the left mouse button, drag and drop
ALLSCOPE from the top pane onto the Scope entry
below the ALL-DESIGN ACR entry in the bottom
pane.
Click the Roles tab and drag and drop ALL-DESIGN
from the top pane onto the Role entry below the ALLDESIGN ACR entry in the bottom pane.
Repeat this process to create ACRs for ALL-DESIGN,
ALL-EQUIPMENT and ALL-PIPES.
Setting User Access A Worked Example
3.6
Remember, once DAC has been set on then the default access to PDMS is no access, and ACRs must be
set for each User. In this worked example three users will be created and access rights set for each.
A.SUPERVISOR will be the Supervisor and will be given ALL access.
A.PIPER will be a Piping Designer and will be given Pipe Designer access.
A.EQUIP will be the Equipment Designer and will be given Equipment Designer access.
Create the following users:
A.SUPERVISOR should be a member of all Teams.
A.PIPER should be a member of PIPEN and PIPES.
A.EQUIP should be a member of EQUIPN and EQUIPS.
ACR can be set in two ways, using drag and drop on the Access Control Assistant or by using the Create
User or Modify User on the Admin Elements Form.
www.aveva.com

39
AVEVA Plant (12.1)

3.6.1
Using Access Control Assistant
In the top pane select the ACRs tab.

In the bottom pane select the Users tab.
Drag ALL-PIPES onto A.PIPER.
3.6.2
Using Create/Modify User
Select Users in the Element options list of the Admin Elements form.
Select <USER> A.SUPERVISOR and click the Modify button to display the Modify User:
A.SUPERVISOR form.
A.SUPERVISOR should be a member of all Teams.

The bottom part of the form shows the ACRs.
The left pane shows all the ACRs available on the
project and the right hand pane shows the Users
ACRs.
For A.SUPERVISOR select ALL-DESIGN in the
Project ACRs list and move it to the Users ACRs
list with the right arrow button.
Click the Apply button and then the Dismiss button.
Repeat the process for A.EQUIP selecting the
correct ACRs.
Make sure the Users are members of the correct team to write to the database.
www.aveva.com
40
AVEVA Plant (12.1)

3.7
Testing PDMS Access Control
In the previous sections, a number of users have been created and ACRs have also been created for each
user. To re-cap:
A.SUPERVISOR
can create anything anywhere.
A.PIPER
can only create pipes in a Zone with a Purp of PIPE and where the pipe has not
been ISSUED.
A.EQUIP
can only create equipment in a Zone with a Purp of EQUI.
The effect of DAC can be seen by testing the ACRs in design. Ensure that DAC is turned on for the Project
then enter a Design session and test the following scenarios:
A.SUPERVISOR
Can create Sites, Zones, etc.
A.PIPER
Can create Pipes, Branches and components.

Can only create Pipes in a Zone with a Purp of PIPE.
Can only modify Pipes where the Function of the Pipe is not ISSUED.
A.EQUIP
Test that Equipment can only be created in a Zone with a Purp of EQUI.
Enter Design as user A.PIPER and navigate to a Nozzle. Select Modify > Attributes from the main menu.
Note that only Position, Orientation and Cref attributes
can be modified. All other attributes are greyed out.
www.aveva.com
41
AVEVA Plant (12.1)

Make a Pipe the CE. Select Modify > Attributes

from the main menu.
Update the Function attribute to ISSUED.
In the Design Explorer navigate away from, then
back to, the modified pipe. Note that all the
attributes on the form are now greyed out as the
Pipe has been Issued.
3.8
Querying User Access in Design
User access in Design may be queried by selecting Query > Project from the main menu. The Query
Project form will be displayed.
The Users tab displays a list of users. Selecting a User from the list displays details about the user including
Team membership.
www.aveva.com
42
AVEVA Plant (12.1)

DAC may also be queried in Design by selecting

Query > Data Access Control from the main
menu to display the Query Data Access Control
form.
The User Rights tab shows the Role, including
the Perops, and the Scope for the current user.
Selecting a Perop from the list displays the Perop
Properties form.
3.9
DAC Negative Implementation
Previous examples of DAC have focused on a method of implementation whereby Designers are generally
denied access then granted only specific access to achieve certain tasks.
An alternative implementation is where the designer is first given full access and is then restricted from
undertaking certain tasks. This is sometimes refered to as Negative DACs.
The advantage of using this method is that PDMS can display more meaningful messages.
disadvantage is that there are more Perops for each Designer.
The
Earlier in this training guide the Role ALL-DESIGNER was created. This role will now be modified to prevent
the designer creating equipment. In Admin modify the Role ALL-DESIGNER using the Access Control
Assistant and create a new Perop.
Enter / select the following data:

Perop name
NOT-EQUIPMENT
Element types
EQUIP HIERARCHY
Qualifying Condition
unset
Operations
Disallow (for all)
Attributes
ALL
Error Message
You cannot Create or Modify Equipment

www.aveva.com
43
AVEVA Plant (12.1)

Enter PDMS as A.SUPERVISOR and check that all items except the Equipment Hierarchy can be created.
3.10 Setting DAC for use with MDS

Consider the access that might be required for a pipe support designer. The support designer would need
access to branch members to create ATTAs, swap elbows, tees etc. They would also need to create
branches for Trunnions, create SNODS and joints on steel, and create structures, but only if the Purp of the
Zone is SUPP.
The following DAC could be used with the AVEVA Multi Discipline Support system (MDS).
To help within this area a variable !!MDSACCESS is set to TRUE if MDS is running.
The following is a list of the required PEROPs for MDS:
Access to Element
Condition
BRAN HEIR
VTEXT !!MDSACCESS EQ 'TRUE'
REST HEIR
VTEXT !!MDSACCESS EQ 'TRUE'
SNOD HEIR
ATTRIB PURP OF ZONE EQ 'STL' AND VTEXT !!MDSACCESS EQ 'TRUE'
STRU HEIR
ATTRIB PURP OF ZONE EQ 'SUPP'
www.aveva.com
44
CHAPTER 4
4
Project Setup Using Excel
Project Setup Excel Import and Export is designed to make the process of setting-up an AVEVA Plant
project easier by allowing Administration data to be imported via spreadsheets.
It is important that the Excel Spreadsheets used for both the Import and Export functions are in the correct
format. The required format is the same for both functions, therefore the correct format can easily be
obtained by exporting data from the Administration module and examining the results.
4.1
Export to Excel
The Export to Excel utility can be accessed by selecting
Utilities > Export from the main menu of the Administration
module.
The Admin Export form will be displayed. From this form
the User can enter a file path for the export file.
Alternatively the
suitable file location.
icon can be used to navigate to a
On clicking the OK button of the Admin Export form the

Export process is started.
An export summary screen is displayed. Task progress is
displayed in this form. In the event of an error occurring
during the export process, it will be noted in this form.
www.aveva.com
45
AVEVA Plant (12.1)

4.2
Admin Excel Spreadsheet
The Admin Excel Spreadsheet has a specific format containing a

keyword and the appropriate headings.
The spreadsheet is split down into various tabs.This training
course will focus on the Extracts and Data Access Control tabs.
4.2.1
Admin Excel Spreadsheet Extract Databases
The required format for Extract Databases is shown below. Data in some columns can be altered without
restriction (e.g. Description), while other columns reflect a value within an appropriate context (e.g. Claim
Mode can only be Implicit or Explicit). Guidance on the values required in each column are provided below.
#Keyword
EXTRACT.
Owning Team
Name of the Team that owns the Extract Database.
Name
Extract Name (part after /).
Description
Description of Database.
Parent
Parent Database.
Claim Mode
IMPLICIT or EXPLICIT.
Variant
Yes or No.
www.aveva.com
46
AVEVA Plant (12.1)

4.2.2
Admin Excel Spreadsheet Working Extract Databases
The required format for Working Extract Databases is shown below. Data in some columns can be altered
without restriction (e.g. Description), while other columns reflect a value within an appropriate context (e.g.
Claim Mode can only be Implicit or Explicit). Guidance on the values required in each column are provided
below.
#Keyword
WORKEXTRACT.
Owning User
Name of the User associated with the Working Extract Database.
Description
Description of Database.
Parent
Parent Database.
Claim Mode
IMPLICIT or EXPLICIT.
Variant
Yes or No.
4.2.3
Admin Excel Spreadsheet Scope
On export, Data Access Control requirements are separated into their component parts, ACR,s, ACR
Groups, Scopes, Roles and Perops. The required format for Scopes is shown below. As with the other
spreadsheets considered, data in some columns can be altered without restriction (e.g. Description), while
other columns reflect a value within an appropriate context (e.g. Selection could utilise the keyword ALL).
Guidance on the values required in each column are provided below.
#Keyword
SCOPE.
Name
Name of Scope.
Description
Description of Scope.
Selection
ALL (keyword). Alternatively, Sites or Zones specific to the project could be used.
www.aveva.com
47
AVEVA Plant (12.1)

4.2.4
Admin Excel Spreadsheet Roles and Perops
Roles are specified followed by the associated Permissible Operation (PEROP). Roles require only three
fields. Guidance on the values required to define the Role are given below.
#Keyword
ROLE.
Name
Name of the ROLE.
Description
Description of ROLE.
Permissable Operations require considerably more fields to account for all Create, Modify and Delete
operations and any associated error messages. Guidance on suitable values is provided below.
#Keyword
PEROP.
Owner
Owning Role.
Name
Name of Perop.

www.aveva.com
48
AVEVA Plant (12.1)

Element types
Element Type e.g. PIPE, EQUIPMENT HIERAR, ALL etc.
Qualifying condition
Qualifying Rule. Often this will utilise a Purpose or Function of a model element.
OpCreate
GRANT or DENY ability to Create Elements.
OpModify
GRANT or DENY ability to Modify Elements.
OpDelete
GRANT or DENY ability to Delete Elements.
OpClaim
GRANT or DENY ability to Claim Elements.
OpIssue
GRANT or DENY ability to Issue Elements.
OpDrop
GRANT or DENY ability to Drop Elements.
OpOutput
GRANT or DENY ability to Output Elements.
OpExport
GRANT or DENY ability to Export Elements.
OpCopy
GRANT or DENY ability to Copy Elements.
Attributes
Specify attributes that can be changed or ALL.
Error message
Error Message displayed to the User.
4.2.5
Admin Excel Spreadsheet ACR
The required format for an ACR is shown below. As with the other spreadsheets considered, data in some
columns can be altered without restriction (e.g. Description), while other columns reflect a value within an
appropriate context (e.g. Scope will reference a valid Scope in the project). Guidance on the values required
in each column are provided below.
#Keyword
ACR.
Name
Name of ACR.
Description
Description of ACR.
Scope
Name of the Scope.
Role
Name of Role.
4.3
Import from Excel

The Import from Excel utility can be accessed by
selecting Utilities > Import from the main menu of
the Administration module.
The Admin Import form will be displayed. From this
form the User can specify a file path for the file to be
imported. Alternatively the
icon can be used to
navigate to a suitable file location.

Before attempting an Excel Import make sure

that the Access Control Assistant is not
displayed.
www.aveva.com
49
AVEVA Plant (12.1)

Once the file has been specified, clicking the OK

button on the Admin Import form instigates the
Import operation.
If the project references a Foreign Project the User
will be prompted to give suitable login credentials for
an a Free User in the referenced project.
An import summary screen is displayed. Task

progress is displayed in this form. In the event of an
error occurring during the export process, it will be
noted in this form.
If errors are present it is possible to role back

the System database until a point before the
import operation was instigated.
4.3.1
Selecting an MDB for User Defined Data
Once the import operation has finished, the System Administrator is prompted to supply an MDB if one has
not previously been set.
If the imported data contains UDAs or UDETs then the

MDB selected should contain a Lexicon Database. As
DAC may contain references to UDAs or UDETs it is
important that this is checked prior to importing the data.
If DAC has not been specified, and neither UDAs or
UDETs have been used, the System Administrator can
select <None>.
www.aveva.com
50
AVEVA Plant (12.1)

4.4
Admin Database Rollback
The Admin Database can be rolled back following an Excel import in the event that errors were encountered.
The Rollback utility can be accessed

Utilities > Rollback from the main menu.
by
selecting
The Rollback form is displayed showing the items that will be

deleted.
Selecting the Rollback button in the middle of the form
instigates the process. Due to the nature of this process,
confirmation is immediately sought from the User.
Selecting the Yes button continues the process, while

selecting the No button stops the process.
If the Rollback process is continued, the lower portion of the

Rollback form will be populated with tasks that have taken
place.
The user can verify the results of the Rollback process by
refreshing the view of the Admin Explorer.
www.aveva.com
51
AVEVA Plant (12.1)

Exercise 3 Project Setup Excel Export / Import

Use the Export to Excel utility on the Training Project. Open the spreadsheet produced and create some new
Teams, Users and Databases.
Import the modified spreadsheet into the Training project, checking for any errors.
Use the database Rollback function to restore the project to the point immediately before the Export utility
was used.
www.aveva.com
52
CHAPTER 5
5
PML Encryption
This chapter describes how to create and use PDMS PML Encryption or Published PML. Various levels of
encryption can be applied to any PML functions, forms, objects, and macros.
5.1
Overview of PML Encryption
PML is the AVEVA Programmable Macro Language. The details of the language may be found in the PDMS
Software Customisation Guide and the PDMS Software Customisation Reference Manual, supplied with the
product.
PML functions, objects, forms and macros may be encrypted using the tools described in this chapter. Once
encrypted they may be used within PDMS but cannot easily be read.
Please note that the encryption used is of limited strength, and is not secure against all possible attacks.
Details of the encryptions used are described later.
Once a PML file has been encrypted, it is no longer possible to read or edit the file. The Published PML
toolkit does not include a tool for un-encrypting files. It is good practise to ensure that a safe copy of the
original file is retained, in case further modifications are required later.
5.2
PML Encryption Utility Program
The encryption utility program is a command window program designed to be included in the PML software
development process.
5.2.1
Typical workflow
When undertaking PML encryption tasks the following workflow should be adhered to:
Ensure that a current backup of the source PML is available.
Copy the source folders to a new location.
Encrypt from the source location to the new location.
Check the encryption is successful and the files work in the expected manner.
Not all files within a PML folder hierarchy are always PML. Images, for example, should not be
encrypted, but may need to be supplied with the encrypted versions of the PML.
Automating the encryption procedure via batch files, perl script, or a PML script will make it easier to
create the encrypted PML files when the source PML is updated.
5.2.2
Licensing
The pmlencrypt.exe utility program requires a PML Publisher licence in the license file (the feature name is
VPD-PMLPUBLISHER). If this is not present in the license then the program will not run.
www.aveva.com
53
AVEVA Plant (12.1)

5.3
Using the PML Encryption Utility Program
The form of the PML Encryption Utility Program can be seen by running pmlencrypt.exe without arguments
(or with an invalid set of arguments). An output similar to that below is produced.
The command is of the form:

pmlencrypt [-rc4|-basic|-trivial|-none] [-buffer N] [-folder|-pmllib] from_path to_path
Where:
-rc4
uses 40-bit RC4 encryption from the Microsoft Base Cryptographic Provider (default).
-basic
uses a simple low-security encryption algorithm.
-trivial
uses a human-decipherable encryption scheme - for testing only.
-none
no encryption, but can be used with -buffer N.
-buffer N
causes the file to be retained in memory until a module switch once it has been read N times
(the default is never).
-folder
is used to encrypt ALL files from the folder from_path to to_path.
-pmllib
is used to encrypt ALL .pmlobj .pmlfnc .pmlfrm and .pmlmac files from the folders in a
PMLLIB-type folder structure beneath from_path to to_path.
from_path
is the file or folder to be encrypted.
to_path
is the output file or folder.
www.aveva.com
54
AVEVA Plant (12.1)

5.4
Choosing Files
PML files are not required to have particular file extensions. PML2 functions, objects, forms and macros are
normally stored in files with the extensions .pmlfnc, .pmlobj, .pmlfrm and .pmlmac respectively. However,
other PML files such as those in the pdmsui folder of a PDMS installation do not have a file extension.
As any PML file (with or without a file extension) may be read with a $m command, care must be taken when
choosing files to encrypt. Other files, such as icon images and configuration files cannot be used by PDMS
when encrypted.
5.4.1
Single File
If neither of the folder or pmllib options are used the from_path and to_path arguments are taken to be
single file-names or paths (which should not include embedded spaces). The to_path file is created or
overwritten, as appropriate.
This option may be used whenever there is a single file to encrypt, and can also be useful within a script,
where the file selection is handled by the script itself. No assumptions are made about file extensions.
5.4.2
All Files in a Folder
If the folder option is used the from_path and to_path arguments are taken to be names or paths of
folders (which should not include embedded spaces). All files in the from_path folder are encrypted into the
to_path folder. The to_path folder is created, if required, and the files inside it are overwritten.
No file extension is required, so care must be taken not to encrypt non-PML files.
5.4.3
Files in a pmllib -like Folder Tree
If the pmllib option is used the from_path and to_path arguments are taken to be names or paths of
folders (which should not include embedded spaces). All folders beneath the from_path folder are scanned,
and files with extensions .pmlfnc, .pmlobj, .pmlfrm or .pmlmac are encrypted to a matching structure
constructed or overwritten beneath the to_path folder.
As this option is file-extension sensitive, it will not encrypt, or copy, image or other unrelated files in the
hierarchy.
5.4.4
File/Folder paths
Care must be taken when the from_path and to_path arguments are given. The from path must precede
the to_path, otherwise the wrong file may be overwritten.
The from_path and to_path arguments cannot be identical. This is to reduce the risk of accidental
overwriting of the source-files. Embedded spaces are not supported in the paths.
5.5
Encryption Algorithms
There are four encryption options that use different encryption algorithms. The following sections describe
the four options.
5.5.1
Encryption Type 0: No Encryption
Encryption Type 0 (No Encryption) adds a standard Published PML header to the file, i.e. --<000>-Published PML 12.0 >--, but does not otherwise encrypt the file.
It can be selected by choosing the none option in the encryption call.
www.aveva.com
55
AVEVA Plant (12.1)

5.5.2
Encryption Type 1: Trivial Encryption
Encryption Type 1 (Trivial Encryption) is designed for testing purposes only. It provides no security, as the
lines can be read backwards. It is used to establish that the encryption system is functioning correctly and
that an incompatible version of PDMS has not been installed.
It can be selected by choosing the trivial option in the encryption call.
5.5.3
Encryption Type 2: Basic Encryption
Encryption Type 2 (Basic Encryption) is an alternative simple encryption algorithm which is implemented
directly and does not rely on external libraries.
It can be selected by choosing the basic option in the encryption call.
5.5.4
Encryption Type 3: RC4 Encryption
Encryption Type 3 (RC4 Encryption) is the recommended and default option.

This encryption uses the Microsoft Base Cryptographic Provider, which is included in Windows 2000,
Windows XP, and Windows 7 operating systems as well as Microsoft Internet Explorer version 3.0 or later.
It is anticipated that all PDMS compatible computers will include the libraries required for this algorithm.
40-bit keys are used to operate within limits imposed by (historic) limitations of encryption technology.
It can be selected by choosing the rc4 option in the encryption call.
Although this is the most robust encryption algorithm provided, it is still of limited strength and is not
secure against all possible attacks.
5.6
Encrypting PML Files A Worked Example
In this worked example supplied PML files will be encrypted using various options.
5.6.1
Supplied Files
The pmlencrypt.exe by default is installed in the C:\AVEVA\Plant\Manage\PMLPublisher1.1 folder.

The following are the simple PML files that will be used for the encryption. The Trainer will provide these files
by copying them from the Training Setup. Typically C:\AVEVA\Plant\Training12.1.1\Training\testencrypt. The
files are as follows:
C:\testencrypt\pmllib_original\forms\hello.pmlfrm
setup form !!hello
Title My Form Title
Paragraph .Message text Hello world
button .bye Goodbye OK
exit
C:\testencrypt\pmllib-original\functions\area.pmlfnc
define function !!area(!Radius is REAL) is REAL
!CircleArea = !Radius.Power(2) * 3.142
return !CircleArea
endfunction
www.aveva.com
56
AVEVA Plant (12.1)

C:\testencrypt\pmllib-original\objects\life.pmlobj
define object LIFE
member .Answer is REAL
endobject
define method .Life()
!This.Answer = 42
endmethod
define method .Answer() is REAL
return !This.Answer
endmethod
define method .Answer(!Value is REAL)
!this.Answer = !Value
endmethod
C:\testencrypt\pmllib-original\macros\newsite.pmlmac
new site /ENCRYPT-SITE
handle(41,12)
$p site /ENCRYPT-SITE exits
DELETE SITE
return
endhandle
C:\testencrypt\pmllib_original\macros\NZONE
/ENCRYPT-SITE
handle(2,109)
$p Site /ENCRYPT-SITE does not exist
return
endhandle
new zone /ENCRYPT-ZONE
handle(41,12)
$p site /ENCRYPT-ZONE exits
DELETE ZONE
return
endhandle
5.6.2
Directory Structure
The PML files should be stored in the correct PML directory structure.
www.aveva.com
57
AVEVA Plant (12.1)

5.6.3
Testing using a Batch File
It is recommended that a batch file be created to encrypt the PML files. In this example a simple batch file
will be written to test each option.
In a suitable text editor open the batch file, encrypt.bat, in the folder C:\testencrypt most of the lines are
commented out using rem with the exception of the second to last line which would display help.
Keep the file open for editing. Ensure all of the sub-folders in the C:\testencrypt\pmllib-encrypt folder are
empty.
5.6.4
Testing the None Option
The first test uses the none option on the area.pmlfnc file to see if the encryption process is working. The
encrypt batch file needs to be edited (remove rem) to allow this line of the file to be run. The batch file
should look like this:
Run the batch file by locating encrypt.bat with Windows Explorer then double clicking on it. A cmd window
will be displayed. To check the result, navigate to the C:\testencrypt\pmllib-encrypt\functions folder and
edit the area.pmlfnc. The function should look like this:
The file is not encrypted but a header is added to the macro.
www.aveva.com
58
AVEVA Plant (12.1)

5.6.5
Testing the Trivial Option
Edit encrypt.bat and enter rem at the start of the line containing the none option. Remove the rem from the
start of the line containing the trivial option. The batch file should look like this:
Save the file and double click on it to run the encryption. The file, hello.pmlfrm, has been encrypted using
the trivial option.
Navigate to the C:\testencrypt\pmllib-encrypt\forms folder and edit the hello.pmlfrm. The function should
look like this:
Note that the file is readable backwards, i.e. mrof putes is setup form.
5.6.6
Encrypting Multiple Files
All files with valid pml extensions can be encrypted in one command using the pmllib option.
Edit the encrypt .bat file by entering rem at the start of the line containing the trivial option. Remove the rem
from the start of the line containing the rc4 pmllib option. The batch file should look like this:
Save the file and double click on it to run the encryption. Navigate to each of the sub-folders of
pmllib-encrypt and note that all pml files have been encrypted with the exception of NZONE as this does
not have a valid pml file extension.
All Files without a valid pml extension can be encrypted in one command using the folder option, however,
care must be taken using this option as some files may not be pml macros.
www.aveva.com
59
AVEVA Plant (12.1)

Edit the encrypt .bat file by entering rem at the start of the line containing the rc4 pmllib option. Remove the
rem from the start of the line containing the rc4 folder option. The batch file should look like this:
Save the file and double click on it to run the encryption. Navigate to the macro sub-folder of pmllib-encrypt
and note that the file NZONE has now been encrypted.
5.6.7
Testing Encrypted Macros
When PDMS recognises an encrypted macro it is decrypted in memory as it is used. In this section the
encrypted macros will be tested. In order to test the encrypted macros the pointer to pmllib must be changed
to point to a multi path.
Edit the file evars.bat. This batch file can be found in the %PDMSEXE% directory typically
C:\AVEVA\Plant\PDMS12.1.SP2. Close to the bottom of the file add the line:
set pmllib=C:\testencrypt\pmllib-encrypt %pmllib%
Make sure there is a Blank Line

at the Bottom of the file.
Save the file and close the editor. Enter PDMS using the following options:
Project Training, Username A.PIPER, Password A, MDB /A-PIPING, Module Design
Ensure DAC is turned off.
5.6.7.1 Checking the pmllib Path

The environment variable pmllib should now be set to a multi-path that includes the C:\testencrypt folder.
Open the Command Window and enter Q EVAR PMLLIB.
The file pml.index needs to be updated to include the new files in the extended path.
Enter PML REHASH ALL in the Command Window to regenerate the file. If further files are encrypted the
file should be refreshed using this command.
www.aveva.com
60
AVEVA Plant (12.1)

5.6.7.2 Area function

The area function returns the area of a circle. In the Command Window enter !area = !!area(100). The
function calculates the area of a circle with 100mm diameter.
Enter q var !area in the Command Window to find the answer stored in variable !area
5.6.7.3 Hello Form

PML forms are displayed using the show command. Enter show !!hello in the Command Window to show
the Hello form.
5.6.7.4 Life Object

A method of an object may return a result into a member of the object using the return command.
Enter !Marvin = object LIFE() in the Command Window.
The method .Life() is called automatically and the value
!marvin is 42.
Enter !Number = !Marvin.Answer() in the Command
Window.
Enter q var !Number in the Command Window.
!Number is set to the value 42 because no values were
specified. The value of the variable Number may be
changed. Enter the following in the Command Window:
!Marvin.Answer(50)
!Number = !Marvin.Answer()
q var !Number
5.6.7.5 Running the pml macros

Macros are executed using the $m/ syntax in the Command Window. Enter the following in the Command
Window:
$m/C:\testencrypt\pmllib-encrypt\macros\newsite.pmlmac
$m/C:\testencrypt\pmllib-encrypt\macros\NZONE
www.aveva.com
61
AVEVA Plant (12.1)

The newsite.pmlmac macro creates a site named ENCRYPTSITE.

The NZONE macro creates a Zone under the new site named
ENCRYPT-ZONE.
5.7
Buffering Encrypted Files
Reading an encrypted pml file takes longer than reading a plain-text version. In some circumstances PML
files may be re-read many times during a session, thus encrypting files may have some impact on
performance.
The command PML STATISTICS displays information on the numbers of times each file has been read,
together with some additional information useful to AVEVA when testing the Published PML functionality.
In order to reduce the time taken to re-read the files, Published PML files may contain a buffering directive in
the header-line, i.e. the first line in the file. If a dash and a number are included directly after the three-digit
encryption algorithm id, then PDMS will retain the file in memory indefinitely once it has been read the
specified number of times.
Heavily used files may be edited to add buffering to the header by hand. For example:
--<004-5>-- Published PML 1.1 >-Alternatively, the n option, where n is the number of times the file is to be read before buffering, of
pmlencrypt.exe may be used.
For example:
C:\AVEVA\pmlencrypt -rc4 buffer 5 %from%\functions\area.pmlfnc %to%\functions\area.pmlfnc.
www.aveva.com
62
AVEVA Plant (12.1)

A value of 5 is a good number to start with. Many files are read precisely once during module start up. There
is little benefit in buffering these files. Using a value of 5 will avoid that, but will benefit all heavily used files.
If a PML file that is being actively developed has a header including buffering, it will not be re-read as often
as usual.
To force all buffered files to be cleared from memory, if they are not in current use, the commands PML
REHASH or PML INDEX may be used or a module switch performed.
5.8
Editing Published PML Files
Most changes made to an encrypted PML file will make it unusable, i.e. PDMS will report a corrupt file if
attempted, however, there are a few exceptions:
As noted in the previous section, a buffering value may be added or changed in the Published PML
header-line. For example:
--<004>-- Published PML 1.1 >-- may be changed to --<004-5>-- Published PML 1.1 >-Adding a buffering value of 5.
The second line of rc4 or basic encrypted files may be edited to report a different error or message.
For example:
--<003>-- Published PML 1.1 >-return error 99 'This file is not readable by this version of PDMS'
$** 9ad7b51fc44384a8601979728b185f52
may be changed to
--<003>-- Published PML 1.1 >-return error 66 'You need a PDMS patch ring Ian on extension 6655'
$** 9ad7b51fc44384a8601979728b185f52
Lines in trivial encrypted or un-encrypted files may be changed.
5.9
Using the $R Command
If an attempt to display or record encrypted PML using the $R commands is made, all lines are replaced by
the text <hidden>. Error messages and trace-backs will include function names, but not the text of each line.
The only circumstance in which hidden lines can become visible is during a macro which includes a moduleswitch. After a module switch, any remaining lines in that macro may be traceable.
5.10 Troubleshooting
PDMS will issue an error if any of the following occurs:
Attempting to read an encrypted PML file in an incompatible version of PDMS.
Attempting to read an encrypted file that has become corrupted (e.g. editing encrypted text).
Attepting to read files encrypted with algorithms added in future versions of pmlencrypt.exe.
Attempting to read an rc4 encrypted file on a computer without the Microsoft Base Cryptographic
Provider installed.
www.aveva.com
63
AVEVA Plant (12.1)

www.aveva.com
64
CHAPTER 6
Intellectual Property Rights Database Protection
PDMS enables strict Intellectual Property Rights (IPR) Protection to be applied at database level, allowing
a project administrator to restrict the ability to extract data held within a database.
6.1
IPR Protection Overview
Protected databases are marked as uniquely belonging to the project such that restricted users cannot copy
data from that database into another project, even through a physical copy of the database file.
Functionality that permits copying of data from a protected database is not available to restricted users. For
example:
OUTPUT command (DATAL).
COPY command, when copying across databases.
EXPORT command.
Data Access Routines (DARs).
In addition, read access to certain attributes is restricted in order to obstruct an unauthorised user from
writing their own DATAL like functionality in PML.
6.2
Changes to Admin for Database Protection
The Administration command syntax has been extended to allow the project administrator to set (or clear)
protection on any database within a project, and to set (or clear) an expiry date for that database.
The CHANGE command has been extended to change the protection on a named database, and control
timed expiry by optionally specifying a future date, using the standard date format used in existing
commands. The extended syntax is as follows:
CHANGE databasename PROTection [ ON | OFF ] [ EXPires future-date ].
The CREATE DB command has been similarly extended, with the following syntax:
CREATE DB dbname dbtype [ SUBTYPE MARINE ] PROTected [ EXPires future-date ].
The following pseudo attributes are associated with all DATABASE elements to query the Protected status
and the expiry date of the represented database.
LProtected - returns a True if the database is protected and False if it is unprotected.
Expiry - returns a text value giving the expiry date of the database in ISO date format,
YYYY-MM-DD. The pseudo attribute is unset if the database has no expiry date.
www.aveva.com
65
AVEVA Plant (12.1)

The Create Database form enables the Project

Administrator to toggle protection on a database.
This can be done by adding an expiry date via
checkboxes and options lists.
Clicking the Protected checkbox toggles the
Protected mode on and off. When toggled on, the
Expires checkbox is enabled.
Clicking the Expires checkbox toggles the expiry

date on and off. When toggled on, the three date
option lists are enabled.
The date entered must be valid and in the future.

Invalid dates and past dates output an error
message and disable the Apply button.
The Modify Database form has the same functionality as the Create Database form except that the Expiry
cannot be toggled off if previously set, however the date may be changed.
The end-user experience is unchanged except where that user is restricted with respect to a protected
database. In these cases meaningful errors are displayed to indicate that user privileges are not sufficient to
complete the requested operation.
Data Access Routines (DARs) have been restricted so that they cannot access data in a protected
database. An indicative error message is displayed in these circumstances.
Foreign databases are always read only.
www.aveva.com
66
AVEVA Plant (12.1)

6.3
Changing Database Protection A Worked Example
This worked example sets the protection on an existing catalogue database. Enter PDMS using the following
options:
Project MAS, Username SYSTEM, Password XXXXXX, MDB None, Module Admin.
In Admin select Databases & Extracts from the

Admin Elements form.
Select <DB> MASTER/PIPECATA from the grid and
click the Modify button to display the Modify
Database form.
Click the Protected checkbox to toggle database
protection on.
Select Admin > Exit from the main menu to leave
PDMS.
Designers with Read Only access to the protected
database, i.e. from the Training (TRA) project, will
now be unable to use the following:
6.3.1
OUTPUT command (DATAL).
COPY command,
databases.
EXPORT command.
Data Access Routines (DARs)
when
copying
across
Testing Database IPR Protection for the Output Command
The Catalogue MASTER/PIPECATA is used as the Piping catalogue reference in the TRA project. As the
catalogue is now protected the OUTPUT Command for catalogue items should be unavailable for this
catalogue.
Enter PDMS using the following options:
Project Training, Username A.PIPER, Password A, MDB /A-PIPING, Module Paragon.
The Paragon user interface should be set to display the Catalogue Explorer and a Command Window.
www.aveva.com
67
AVEVA Plant (12.1)

Using the Catalogue Explorer navigate to the Catalogue World called MASTER/PIPECATA, the CATA
called PDMSPIPE.CATA-ANSI and the SECT called ELBOW-ANSI.
This section can be checked to see if it is in the
protected catalogue database by entering Q
DBNAME in the Command Window. It should return
MASTER/PIPECATA.
The OUTPUT command may also be tested in the
Command Window by entering OUTPUT CE. As the
MASTER/PIPECATA is protected an error message
is displayed.
6.3.2
Testing Database IPR Protection for the Copy Command
The COPY command should also be unavailable, preventing information being transferred from a protected
database to an unprotected database. Navigate to and expand the PIPING/CATA-A World in the Catalogue
Explorer to show the CATA element /CATA-PIPING-A previously created with the database.
Enter Q DBNAME in the Command Window. It should return PIPING/CATA-A.
A new SECT and CATE will be created in this database using the Command Window, the CATE will be a
copy of an existing MASTER component.
Enter the following commands in the Command Window:
NEW SECT /Elbows
NEW CATE /AAEA200-PIPE COPY /AAEA200 RENAME /AAEA200 /AAEA200-PIPE
Make sure DAC is turned OFF on the project or that no DAC is applied to Paragon.
www.aveva.com
68
AVEVA Plant (12.1)

The new SECT and CATE will be created but the existing CATE
cannot be copied as it is in a protected database and an error
message will be displayed.
Click the OK button to dismiss the form. Note that the new CATE
has been created but no contents have been copied from the
protected database.
6.4
Attribute Protection
When the attributes of an item in a protected database are queried, some of the attributes will not be
displayed, i.e. some attributes are invisible to restricted users in a protected database. The restricted
attributes are mostly in the catalogue, but there are also some in the Properties and Design Databases.
As not all the attributes are visible it makes it very difficult to create a macro that would be able to recreate
the database items.
Typical attributes that are invisible are the height of a cylinder in the catalogue and the nominal bore of a
component connection point.
6.5
Checking Attribute Protection A Worked Example
To check attribute protection a catalogue database is entered as a Free User and the attributes of a primitive
are queried. A check is made on the same item as a Restricted User.
To see what attributes are available an MDB is created in the MAS project and the protected database
MASTER/PIPECATA added to it. Paragon may then be used to compare attributes between a protected
database and an unprotected database.
6.5.1
Creating an MDB in the MAS Project

Project MAS, Username SYSTEM, Password XXXXXX, MDB None, Module Admin.
Select MDBs from the Element options list on the

Admin Elements form.
Click the Create button to display the Create
Multiple Database form.
Enter CATA in the Name textbox.
Enter Catalogue in the Description textbox.
Select MASTER/PIPECATA and move it down into
the Current Database grid.
Select Admin > Exit from the main menu to leave PDMS.
www.aveva.com
69
AVEVA Plant (12.1)

6.5.2
Attributes as a Free User

Project MAS, Username SYSTEM, Password XXXXXX, MDB CATA, Module Paragon.
Enter /AAEA200NN in the Command Window

to navigate to the SCOM.
Enter GOTO GMREF in the Command
Window to navigate to the geometry set and
then enter SCTO1 to navigate to the circular
torus primitive.
The SCOM AAEA200NN is an ANSI

elbow that is constructed from a circular
torus primitive.
Select Query > Attributes from the main

menu to display the Attributes form.
6.5.3
Attributes as a Restricted User

Project Training, Username A.PIPER, Password A, MDB A-PIPING, Module Paragon.
Enter /AAEA200NN in the Command Window

to navigate to the SCOM.
Enter GOTO GMREF in the Command
Window to navigate to the geometry set and
then enter SCTO1 to navigate to the circular
torus primitive.
Select Query > Attributes from the main
menu to display the Attributes form.
www.aveva.com
70
AVEVA Plant (12.1)

6.5.4
Comparing Results
Comparing the two Attribute forms it can be seen that the Pdiameter attribute is missing from the Restricted
Users query.
Free User
Restricted User
www.aveva.com
71
AVEVA Plant (12.1)

www.aveva.com
72
CHAPTER 7
Enhanced Entry Scripts
A new form has been introduced to allow generation of encrypted command scripts. This form is activated
from the Create Script button on the Admin Elements form. It is activated by selecting Users or MDBs
from the Elements pull down list.
7.1
Creating an Encrypted Entry Script
Enter the PDMS Admin Module, Project Training, Username SYSTEM, Password XXXXXX.
From the Admin Elements form select Users, select the user TRAINER and click the Create Script Button.
If a User is selected in the main Admin form

element list, that user will be specified in the
Command Script Generation form.
If an MDB element is selected, the MDB option
will be checked and that MDB will be specified in
the form.
The new form requires entry and confirmation of the correct password for the specified user. It also requires
entry or selection, via the Browse button, of an output filename. MDB selection is optional, as is the
selection of an input command script.
The Input option is only available if a PML Publisher license is available in the current environment.
A further set of environmental conditions can be applied if required.

clicking on the Conditions button, which activates the following form.
The conditions are specified by
A set of allowable Windows usernames and a set of allowable host

computer names can be entered into the two lists.
Optionally a full or partial time period can be specified using the
Before and After toggles and date controls.
Clicking the OK button on this form records the specified conditions
to be applied to the generated script.
www.aveva.com
73
AVEVA Plant (12.1)

The User name TRAINER will automatically be

set. Enter the following details:
Password
Confirm
Click the Browse button.
By default, the browser will navigate to

%pdmsuser% typically:
C:\AVEVA\Plant\Data12.1.SP2\pdmsu
ser.
A
default
name
file
name
projectentry.mac will be populated in
the file name field.
Click the Save button.
On the Command Script Generation form select

the OK button.
If the file exists the user is prompted to

overwrite it.
www.aveva.com
74
AVEVA Plant (12.1)

Navigate to the newly created Entry Script file projectentry.mac and open the file using a suitable text
editor.
The file has been encrypted using the same technology as PML Publisher.
7.2
This file should not be edited as it could render it inoperable.
Typical Entry Macro
Create the following entry macro and save it as entry.pmlmac in the %pdmsuser% directory typically
C:\AVEVA\Plant\Data12.1.1\pdmsuser.
-- call entry macro
$m/C:\AVEVA\Plant\Data12.1.SP2\pdmsuser\projectentry.mac
dev tty
ALPHA log /C:\AVEVA\Plant\Data12.1.SP2\pdmsuser\aa.log over
/A-PIPING
Design
q mem
alpha log end
finish
The above macro runs the entry script created previously and allows access to PDMS without user names
and passwords being displayed. It sets an MDB, enters Design, sets a log file, queries the members and
exits PDMS.
7.3
The Macro must Exit PDMS. An example of the above file can be found in the Training Setup Directory
typically C:\AVEVA\Plant\Training12.1\Training\pdmsuser.
Typical Entry Batch File
Create the following entry batch file and save it as no-pub-batch.bat in the %pdmsuser% directory typically
C:\AVEVA\Plant\Data12.1.SP2\pdmsuser.
set pdms_installed_dir=C:\AVEVA\Plant\PDMS12.1.SP2\.
set PDMSEXE=C:\AVEVA\Plant\PDMS12.1.SP2
set PDMSWK=C:\AVEVA\Plant\Data12.1.SP2\pdmswk
call "%pdms_installed_dir%\evars" "%pdms_installed_dir%"
%PDMSEXE%\mon tty -macro=%PDMSEXE%\pdmsuser\entry.pmlmac
The above batch file sets the required environment variable for PDMS and the Project and runs the entry
macro.
An example of the above file can be found in the Training Setup Directory typically
C:\AVEVA\Plant\Training12.1\Training\Admin.
www.aveva.com

75
AVEVA Plant (12.1)

7.4
Enhanced Entry Scripts (PML Publisher Available)
The Script Generation form has the option to include a user supplied macro which is included into the
encrypted script.
This option is only available if a PML Publisher License is available in the current environment.
7.4.1
Typical User Macro
Create the following macro and save it as doit.mac in the %pdmsuser% directory typically
dev tty
/A-PIPING
Draft
ALPHA log /C:\AVEVA\Plant\Data12.1.SP2\pdmsuser\aa.log over
q mem
alpha log end
finish
The above macro will be added to the encrypted entry script that is subsequently created. The macro sets
an MDB, enters Draft, opens a log file, queries the members and exits PDMS.
The Macro must Exit PDMS.
7.4.2
Creating the Encrypted Entry Script
Using the entry script created above, create an

encrypted entry script using the Input File doit.mac.
The entry script file now includes the supplied macro.
www.aveva.com
76
AVEVA Plant (12.1)

7.4.3
Typical Entry Batch File (PML Publisher Available)
Create the following entry batch file and save it as pub-batch.bat in the %pdmsuser% directory typically
set pdms_installed_dir=C:\AVEVA\Plant\PDMS12.1.SP2\.
set PDMSEXE=C:\AVEVA\Plant\PDMS12.1.SP2
set PDMSWK=C:\AVEVA\Plant\Data12.1.SP2\pdmswk
call "%pdms_installed_dir%\evars" "%pdms_installed_dir%"
%PDMSEXE%\mon tty -macro=%PDMSEXE%\pdmsuser\projectentry.mac
The above batch file sets the required PDMS and Project environment variables and runs the entry macro.
The projectentry.mac macro file includes both encrypted entry and encrypted input and can therefore be run
standalone.
An example of the above file can be found in the Training Setup Directory typically
C:\AVEVA\Plant\Training12.1\Training\Admin.
www.aveva.com
77

System Administration

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

System Administration

Încărcat de

Drepturi de autor:

Formate disponibile

System Administration

AVEVA Plant (12.1)

AVEVA Plant (12.1)

Issued for Review PDMS 12.1.1

Issued for Training PDMS 12.1.1

AVEVA Plant (12.1)

AVEVA Plant (12.1)

AVEVA Plant (12.1)

AVEVA Plant (12.1)

Using this guide

AVEVA Plant (12.1)

Setting up the Training Course

Click the Login button.

Creating Extract Databases

Extract Families are considered later in this training guide.

Working in Extract Databases

AVEVA Plant (12.1)

Updating Changes from Extract Databases

Types of Extract Databases

AVEVA Plant (12.1)

Write Access to an Extract Databases

AVEVA Plant (12.1)

is the Master and the parent of PIPES_X1.

is a child of PIPES and the parent of PIPES_X10.

The members of PIPES are PIPES_X1 and PIPES_X2.

Querying Extract Families

Owner Primary Here

Master Primary Here

Ancestry Primary Here

Choosing an Appropriate Database

AVEVA Plant (12.1)

Extract Data Control in Design

In the Design module extract data is managed

The Get All Changes Button

AVEVA Plant (12.1)

The Update CE Button

The Update CE button refreshes the claim list

The prefix E is explained later in this

The Extract Claimlists Button

The Extract Claimlists button shows details of

The User Claimlists button

Clicking the User Claimlists button

AVEVA Plant (12.1)

The Extract Button

Extract Database Operations - Scope

The Prefix Info Button

Clicking the Prefix Info button displays the

In this example, Site /SITE-PIPES-AREA01

AVEVA Plant (12.1)

Rules and Connections

When the Always Issue / Flush Changed Rules /

This would typically be used where a claimed pipe

2.6.10 The Flush Button

AVEVA Plant (12.1)

2.6.11 The Issue Button

Following an Issue the Item will not be claimed.

2.6.12 The Drop Button

AVEVA Plant (12.1)

Creating Standard Extract Databases A Worked Example)

Make the Users members of the following teams:

AVEVA Plant (12.1)

Create a Master Database

For this example, a new master database will be

The database type required is a