(no) Anonymous User
Translation needed
The content of this page was copied from another page tree and needs to be translated or updated.
When you finish translation, make sure to
-
Replace the label NEEDS-TRANSLATING with TRANSLATED
-
Remove this macro from the page
Introduction
Anonymous user access can be used in several scenarios, one of them being and embedded application running on a 3rd party public website.
Enabling Anonymous Access in System Settings of FM-Access
To change these settings and enable anonymous access, please go to
Administrative Panel → System → System Settings → Other → Anonymous Access
Enabling Anon client in KeyCloak Management Console
By default KC creates for each realm HDC Anon Client - which has parameter enabled set to false.
To enable it, click on HDC Anon Client and set property Enabled to True
Data availability for Anonymous Users
For ease of management, anonymous sessions have the same privileges as a user selected in configuration.
Even though a basic privileges are the same as for this user, there are some important limitations that cannot be changed.
Anonymous user has only access to several services that allow for viewing of Documents:
basic system configuration and parameters
drawing structure
macro resolver
icons
basic object properties (metadata)
dynamic labels
presentations
Anonymous access is always read-only. No changes in data are allowed regardless of security settings for selected user.
Even taking that into account, it is advised to use minimum required privileges for a user that will be used for anonymous access.
Anonymous user should have appropriate (no) Sikkerhetsinnstillinger applied, that include specific object class access and only selected fields available ((no) Feltnivåsikkerhet (FLS))
Creating anonymous sessions
When this configuration is enabled, accessing a dedicated URL will create an anonymous session and allow access to application and data.
https://myserver.bim.cloud/AnonClient/
Accessing this URL will at the same time create a new session and return client application code.
It's the responsibility of the system administrator to make sure only allowed data is made available through anonymous access.
Please double check your security settings before enabling Anonymous Access.
Please make sure that all data fields containing sensitive data (e./g. personal or financial data) are secured with a proper FLS settings with Not Available flag.
User with Anonymous session is never allowed to make any changes in data. This is a system rule that cannot be overridden by user settings.
User that already has a valid session in given web browser, will have this session reused (new anonymous session will not be created, even when accessing "anonymous" URL)