Overview of Modeler access permissions
To enhance enterprise security, PTC has segregated tasks for PTC Modeler administrators, Modeler database administrators, and Modeler users who work on Models. PTC Modeler has introduced administrative roles such as the Modeler System Administrator and the Modeler Database Administrator. Users who are engaged in working with Models are managed by Modeler Application Users that are endowed with Read or Write privileges.
Administrative roles in PTC Modeler
SQL Server Administrator (not created by PTC Modeler)
Users with this role can perform the following tasks:
• Install PTC Modeler
• Manage Modeler System Administrators
• Manage Active Directory group changes
• Perform database migration
Modeler System Administrator
Users with this role can perform the following tasks:
• Manage Modeler logins
• Manage Active Directory group changes
• Perform SQL Instance administrative tasks
• Perform database administrative tasks
• Perform database migration
Modeler Database Administrator
Users with this role can perform the following tasks:
• Perform database level tasks
• Manage principals with a database
Modeler roles for working with models
Modeler Application User with Read access
Users with this permission can perform the following tasks:
• Access public models
• Access models for which explicit access is provided for the user
 | Providing Read access to a database for a user overrides owner or write permissions on models in the database |
Modeler Application User with Write access
Users with this permission can perform the following tasks:
• Create or manage models
• Perform model level tasks
• Manage access permissions on a model. (To do this task, the user should be a model owner).
| | • Modeler Application User permissions that are managed using the Create Login or Change Login menu options have Write permissions. • Modeler System Administrator cannot provide Read permission for Modeler Application Users using the Create Login or Change Login menu options. |
Access levels
For a summary of access permissions required to perform primary tasks, see Access permissions required for performing tasks.
After installing Modeler, decide on the security needs of your Models and then set up Modeler accordingly. You can control security at the SQL Instance, database, Model and Model item level.
At the Modeler SQL Instance level you can set Modeler System Administrators, Modeler Database Administrators and Modeler Application Users through Model Explorer. You can synchronize all active directory groups for Modeler databases.
At the database level you can:
• Manage databases
• Provide read and write access to users and groups through Model Explorer
Through the database access permissions you can allow users to create (and import) Models.
At the Model level you can specify which users can open the Model (assuming that global access permissions have not been granted at the database level).
At the Model item level, write access is controlled through the Packages (assuming that global write permissions have not been granted at the database level). The owner of a Package can specify which users have write access permissions to the items scoped by the Package. Note that if a user can open a Model, that user has read access to all items in that Model.
| | When working with local databases on a Standalone installation computer, only local users are available for selection when setting up Database, Model and Package access permissions. |