In Nora IPLM, each object is managed according to the workspace it belongs to.
All access rights are evaluated at the workspace level, not globally.
This means a user’s ability to view or act on an object depends entirely on their permissions in that specific workspace.
How Access Is Determined
A user can access an object only if they have adequate access rights in the workspace where the object exists. These rights can be granted:
- Directly, through a role assigned to the user in that workspace
- Indirectly, through one or more groups that are assigned roles in that workspace
If a user belongs to multiple groups, the system evaluates their effective permissions based on the roles granted through those groups and any direct assignments.
No Workspace Role, No Access
If a user has no role defined for a workspace, either individually or through their groups:
- The workspace data is not visible
- Objects cannot be viewed, searched, or accessed
- No actions or lifecycle operations are available
This applies consistently to all object types, including items, documents, and drawing objects.
Why This Matters
Workspace-based object control allows organizations to:
- Isolate data by team, project, or customer
- Apply different governance rules per workspace
- Prevent unintended data exposure across workspaces
- Maintain clear ownership and responsibility
This model keeps access predictable, secure, and aligned with how workspaces are structured in Nora IPLM.
