Document toolboxDocument toolbox

Anonymous User




Introduction

Anonymous user access can be used in several scenarios, one of them being and embedded application running on a 3rd party public website.

Enabling Anonymous Access in System Settings of FM-Access

To change these settings and enable anonymous access, please go to

Administrative Panel → System → System Settings → Other → Anonymous Access

Enabling Anon client in KeyCloak Management Console

By default KC creates for each realm HDC Anon Client - which has parameter enabled set to false.

To enable it, click on HDC Anon Client  and set property Enabled to True

Data availability for Anonymous Users

For ease of management, anonymous sessions have the same privileges as a user selected in configuration.

Even though a basic privileges are the same as for this user, there are some important limitations that cannot be changed.

Anonymous user has only access to several services that allow for viewing of Documents:

  • basic system configuration and parameters

  • drawing structure

  • macro resolver

  • icons

  • basic object properties (metadata)

  • dynamic labels

  • presentations

Anonymous access is always read-only. No changes in data are allowed regardless of security settings for selected user.

Even taking that into account, it is advised to use minimum required privileges for a user that will be used for anonymous access. 

Anonymous user should have appropriate Security Settings applied, that include specific object class access and only selected fields available (Field Level Security (FLS)) 

Creating anonymous sessions

When this configuration is enabled, accessing a dedicated URL will create an anonymous session and allow access to application and data.

https://myserver.bim.cloud/AnonClient/



Accessing this URL will at the same time create a new session and return client application code. 





It's the responsibility of the system administrator to make sure only allowed data is made available through anonymous access.

Please double check your security settings before enabling Anonymous Access.

Please make sure that all data fields containing sensitive data (e./g. personal or financial data) are secured with a proper FLS settings with Not Available flag.



User with Anonymous session is never allowed to make any changes in data. This is a system rule that cannot be overridden by user settings.



User that already has a valid session in given web browser, will have this session reused (new anonymous session will not be created, even when accessing "anonymous" URL)