HaloENGINE
HaloENGINE
Breadcrumbs

Phase 3. Configure Profiles and Classification

A profile is a repository for all details relating to classification settings.

Follow the procedure below to configure the Profile:

  1. On the left navigation bar, click Customer Configuration, and then select the customer ID (halo_customer) from the list.

  2. On the Profile Configuration tab, click Configure. The following page appears, as shown in the figure below:

    Profile Configuration #1.png

    Profile Configuration page #1

  3. On the Profiles and Classification tab, click Configure.

  4. Upon opening, the Classification Profiles page appears empty, with no profiles added.

  5. Click the plus icon, and then enter the following details:

    Profile Configuration #2.png

    Profile Configuration page #2

  6. Profile Name − Enter a name for the new profile. Note: A profile name cannot contain any of the following characters "< >: " / \ |? * ` ~" and can contain “- _"

  7. Description − Enter a description for the new profile (optional).

  8. Activate − The current profile is automatically enabled by default. However, you can deactivate it by clicking the Activate slider button.

  9. Click Save.

  10. Repeat the above steps to create multiple profiles.

    Results:

    1. A confirmation message appears after the profile is saved successfully.

    2. The new profile is added to the Classification Profiles list. 

      Example of a Multi-Customer ids.png

      Profile list

Related tasks

  1. You can manage Classification Profiles using the Copy, Edit, Delete, Download, and Import icons .

  2. To view the details of a profile, click the Profile Details icon.

What to do next:

  1. Click Reload Configuration to apply the changes.

  2. Select a classification profile from the displayed list. The Classification Configuration page appears, as shown in the figure below:

    Classification Configuration.png

    Classification Configuration

  3. Refer to the following sections to create a classification schema, rules (download and upload), configure metadata (only for Teamcenter System type), and assign systems for each profile.

Create Classification Schema

The classification schema contains properties and their values. 

  1. On the Classification Schema tab, click Configure. Upon opening, the Classification Schema page appears empty, with no schemas added.

  2. Click the plus icon and enter the following details:

    1. Property Name − Enter a name for the new property (maximum 20 characters and case sensitive). For example, sensitivity.

    2. Property Value − Enter a value for the property (maximum 20 characters and case sensitive) and click the plus icon on the right. The value is added to the list. For example, Secret, Confidential, and Internal.

      Classification Schema Configuration.png

      Classification Schema Configuration

  3. The first entry (e.g., Secret) will be taken as the default value, but you can modify it using the Default dropdown menu. The words default, group, multiple, if, tree, hierarchy, and return are reserved keywords that are used for internal processes. Therefore, it should not be used as a Property Name or Property Value. Using the keyword will result in a compile-time error. 

  4. Add as many values as you wish to add.

  5. Click Save.

    Results:

    1. A confirmation message appears after the Classification Schema is saved successfully.

    2. The property name and its values are added as a node.

    3. Similarly, you can add schemas by clicking the plus icon.

  6. Enable tree structure: To have a tree structure view of information, where each item can have multiple children, select the Property Value (e.g., Asia) and enter a value in the property value field (e.g., India), and then select the Enable tree structure check box and add the child node using the plus icon. In this illustration, the Property Value “Asia” contains three child nodes - India, Saudi Arabia, and Singapore.

  7. Click Close to exit the page.

    Classification Schema list.png

    Classification Schema list

  8. Click Reload Configuration to apply the changes.

Related tasks

  1. By default, the current property is activated. You can deactivate it by selecting the Deactivate Property check box.

  2. You can manage classification profiles using the Edit and Delete icons .

Create Download Classification Rules

Download rules define classification rules based on metadata types and Pre-Expression, while Action rules determine whether a file is blocked, protected, or excluded during download.

Custom Pre-Expression

This page allows you to create custom pre-expressions depending on the system types for which you have been licensed. This is available for all systems such as Windchill, Teamcenter, Keytech, Autodesk_Vault, SOLIDWORKS_PDM, and HaloENGINE_API.

  1. Navigate to the Profile Configuration tab and click Configure > go to the Profiles and Classification tab and click Configure > select a classification profile > on the Rules Configuration tab, click Configure. The following page appears, as shown in the figure below:

    Rules Configuration.png

    Download rules configuration page

  2. On the Classification Rules tab, click Configure, and the following page appears, as shown in the figure below:

    Classification rules.png

    Classification rules page

  3. On the Pre-Expression tab, click Configure, and the Pre-Expression Configuration page appears, as shown in the figure below:

    Pre-Expression Configuration.png

    Pre-Expression Configuration

  4. On the Pre-Expression Configuration page, click Custom Pre-Expression. Upon opening, the Custom Pre-Expression page appears empty, with no pre-expressions added.

  5. Click the plus icon and enter the following details:

    Custom Pre-Expression #1.png

    Custom Pre-Expression #1

  6. Custom Pre-Expression Name − Enter a name for the new custom pre-expression entry. Note: only 'alphabet', 'numbers', '_', and '-' characters are supported. 

  7. Description − Enter a description of the new custom pre-expression (optional).

  8. System Type − Based on your license, your system type will be displayed by default.

  9. Metadata − Select a metadata from the list.

  10. Activate − The current Custom Pre-Expression is automatically enabled by default. However, you can deactivate it by clicking the Activate slider button.

  11. Click Save.

    Results:

    1. A confirmation message appears after the Custom Pre-Expression is added.

    2. The new custom pre-expression is added to the list.

    3. Click Reload Configuration to apply the changes.

Reference Manuals: For more information about metadata description, please refer to the relevant HaloCAD PLM/PDM Installation Manual.

  1. Autodesk Vault – HaloCAD for Autodesk Vault Installation Manual

  2. Teamcenter – HaloCAD for Teamcenter Installation Manual

  3. Windchill – HaloCAD for Windchill Installation Manual

  4. SOLIDWORKS PDM – HaloCAD for SOLIDWORKS PDM Installation Manual

  5. Keytech – HaloCAD for Keytech Installation Manual

  6. HaloENGINE API – Since there is no built-in metadata for the REST SDK, custom metadata can be used to generate new metadata for the HaloENGINE API system type. Please refer to the section “ Custom Metadata ”.

To add custom metadata configuration

  1. Now, select a custom pre-expression from the list, and the Custom Metadata Configuration page appears, as shown in the figure below. For illustration, a new custom pre-expression "DOMAIN” is added to the list.

    Custom Pre-Expression #2.png

    Custom Pre-Expression #2

  2. Click the plus icon. The Add Custom Metadata Values dialog appears.

  3. Enter a value and select any one of the following options:

    1. YES = it contains specified metadata information

    2. NO = it does not contain the specified metadata information

    3. Click Save.

    Results:

    1. A confirmation message appears after the Custom Metadata is saved.

    2. The new metadata value is added to the list.

    3. Click Reload Configuration to apply the changes.

Related tasks

  1. To find a metadata value, enter the name in the Search Metadata text box. The search results will be shown.  

  2. If you want to remove custom metadata from the list, click the Delete icon against the metadata.

  3. To Import Custom Metadata: If you wish to add your own metadata, click Import Metadata. The Import Custom Metadata dialog will appear. Click on the button and select the metadata file (.csv, .xls.xlsx) from the Open Windows dialog.

  4. To Export Custom Metadata: If you wish to export the existing metadata, click Export Metadata. An Excel file will be downloaded. The new custom pre-expression is displayed and available for user selection in the Classification Rule UI as metadata, as shown in the example below:

    Example for Custom Pre-Expression #3.png

    Example for Custom Pre-Expression #3

  5. You can manage Custom Pre-Expressions using the Edit or Delete  icons .

Custom Metadata

For data classification and secure file downloads, the HaloENGINE Admin Portal uses the default metadata. However, depending on organizational requirements, the portal allows administrators to add custom metadata.

Note: Metadata can be configured for PLM clients who do not want schema or rule-based decryption. For more information, refer to the section " Metadata Configuration ”.

Follow the procedure below to create custom metadata for System types:

  1. On the left navigation bar, click Customer Configuration, and then select the customer ID (halo_customer) from the list.

  2. Navigate to the Profile Configuration tab and click Configure > go to the System Metadata Configuration tab and click Configure.

  3. Click the System Type to which you want to add the custom metadata. In this example, the WINDCHILL System Type is selected.

  4. Click the plus icon. The Add Custom Metadata dialog appears.

  5. Enter a name and click Save.

    Metadata details page.png

    Metadata details page

    Results:

    1. A confirmation message appears after the Custom Metadata is saved.

    2. The new metadata name is added to the list.

    3. Click Reload Configuration to apply the changes.

Related tasks

  1. If you want to edit/remove newly added custom metadata from the list, click the Edit/Delete icon against the metadata.

  2. To search metadata by name, use the text box labeled Search by Metadata. Your search results will be displayed.

  3. The new custom metadata is displayed and available for user selection in the Classification Rule UI, as shown in the example below:

    Example for Custom Metadata.png

    Example for Custom Metadata

Create Download Rules

Prerequisite: Make sure that classification properties and their values are configured.

Classification Rules define one or more classifications based on metadata types and pre-expressions.  

  1. Navigate to the Profile Configuration tab and click Configure > go to the Profiles and Classification tab and click Configure > select a classification profile > on the Rules Configuration tab, click Configure > on the Classification Rules tab, click Configure > finally, click the Rules tab and then Configure.

  2. Upon opening, the Download Classification Rules page appears empty, with no rules added.

    Download classification rules page.png

    Download classification rules page

  3. Select a property from the Choose a Property table and then click the plus icon.

  4. The Classification Rules Configuration page appears, as shown in the figure below:

    Classification rules configuration.png

    Classification rules configuration

  5. Enter the values for the following:

    1. Rule Result − Select a value from the list.

    2. System Type − Based on your license, your system type will be displayed by default.

    3. Metadata − Select a value from the list. 

    4. Condition − Select a condition (Equal/Not Equal) from the list.

    5. Value − Enter a value for the selected metadata (case-sensitive).

  6. Click Set to apply the rules.

  7. The selected metadata and its condition are added to the list.

  8. Click Save.

Results:

  1. A confirmation message appears after adding or updating the rule.

  2. The rule is added to the list under the Overview table as shown in the figure below:

    Classification rules configuration page.png

    Classification rules page after configuration

  3. Click Reload Configuration to apply the changes.

Related tasks

  1. By default, the current rule is activated. However, you can disable it by selecting the Deactivate Rule checkbox.

  2. To adjust a rule’s priority, select the rule and click the corresponding Up Arrow or Down Arrow icon.

  3. To undo the priority changes, click the Restore Priority Changes icon.

  4. To save the updated priority order, click the Save Priority Changes icon.

Reference Manuals:

For more information about metadata description, please refer to the relevant HaloCAD PLM/PDM Installation Manual.

  1. Autodesk Vault – HaloCAD for Autodesk Vault Installation Manual

  2. Teamcenter – HaloCAD for Teamcenter Installation Manual

  3. Windchill – HaloCAD for Windchill Installation Manual

  4. SOLIDWORKS PDM – HaloCAD for SOLIDWORKS PDM Installation Manual

  5. Keytech – HaloCAD for Keytech Installation Manual

  6. HaloENGINE API – Since there is no built-in metadata for the REST SDK, custom metadata can be used to generate new metadata for the HaloENGINE API system type. Please refer to the section “ Custom Metadata ”.

Add Action Rules

Action rules define the conditions under which a file download is blocked, protected, or excluded.

Follow the procedure below to add Action Rules:

  1. Navigate to the Profile Configuration tab and click Configure > go to the Profiles and Classification tab and click Configure > select a classification profile > on the Rules Configuration tab, click Configure > under Action Rules, click Configure. The following page appears as shown below:

    Action Rules.png

    Action Rules

  2. On the Rules tab, click Configure. When opened, the Action Rules for Download page appears empty, with no action rules added.

  3. Click the plus icon. The Add Action Rule page appears.

  4. Under Choose Resulting Actions, select any one of the actions. Please note that you can select only one action at a time: Block, Label, or Exclude.

    1. To block a file download, select the Block check box and proceed to point 6 .

      Action Rule - Block.png

      Action rule for block

    2. To protect a file download, select the Protect/Label check box. Click Choose Label to select a label from the list. Proceed to point 6 .

      Action Rule - Protect.png

      Action rule for protection

    3. Exclude − Allows suppressing actions such as monitor, block, label, or protect during a file download by selecting the Exclude action based on the configured metadata or Pre-expression. If selected, other options will be disabled. Proceed to point 6 .

  5. System Type− Based on your license, your system type will be displayed by default.

  6. Enter the values for the following under Construct Rules:

    1. Property − Select a value from the list.

    2. Condition − Select a condition (Equal/Not Equal) from the list.

    3. Value − Select a value from the list.

    4. Deactivate Rule − If you want to deactivate a rule, select Deactivate Rule check box.

  7. Click Set to configure the rule. The selected property and its condition are added to the list.

  8. Click Save.

    Results:

    1. A confirmation message appears after adding or updating the action rule.

    2. The rule is added to the list.

      List of action rules.png

      List of action rules

    3. Click Reload Configuration to apply the changes.

Related tasks

  1. You can manage the Action Rule using the Edit and Delete  icons .

  2. To increase or decrease the priority of a rule, select the rule and click the corresponding Up Arrow or Down Arrow icon.

  3. To reverse any priority changes, click the Restore Priority Changes icon.

  4. To save your priority changes, click the Save Priority Changes icon.

Action Rule priorities

When multiple classification rules exist, the HaloENGINE prioritizes them from top to bottom. For example, consider Rule 1, Rule 2, Rule 3, and Rule 4 in the Classification Engine.

  1. The Classification Engine evaluates the topmost rule, Rule 1, first. If all classification expressions are correct, the first action rule is applied.

  2. If not, it moves on to Rule 2 and performs further verification.

  3. This process continues until a correct classification expression is found or no rules apply.

Owner Configuration (Optional) 

This feature defines how a user can be determined as the owner of exported documents.

Supported client systems: Teamcenter, Windchill, Autodesk_Vault, and Keytech systems.

Owner configuration does not apply to the SOLIDWORKS PDM client, as protection is managed by HaloCAD for SOLIDWORKS PDM.

 Follow the steps below to configure owner rights: 

  1. On the Owner Configuration tab, click Configure.

  2. The Document Rights Configuration page appears as shown in the figure below:

    Owner rights in Azure RMS.png

    Owner rights

  3. Select one of the following three options:

    1. Service (default) − The Application ID used to initialize the HaloENGINE Tomcat Service becomes the owner of the document.

    2. Static email − The email address entered in the text box is considered the owner of the document.

    3. User − The mail address is derived from the client system, such as Windchill, Teamcenter, Keytech, Autodesk_Vault, or HaloENGINE_API.

  4. Click Save to save the rule.

    Results: A confirmation message appears after updating the assigned rights.

Metadata Configuration

SetMetadata/Unprotect Action (only for Teamcenter): It allows you to set existing metadata back onto the file while checking-in, based on the MPIP label. This aids in the consistency of file classification. As an example, for Teamcenter IP_Classification values can be returned. Note: It is not currently supported by other PLMs.

Prerequisite: Ensure that the Classification Schema is available.

Follow the steps below to configure metadata: 

  1. Navigate to the Profile Configuration tab and click Configure > go to the Profiles and Classification tab and click Configure > select a classification profile > go to the Metadata Configuration tab and click Configure.

  2. Upon opening, the Add Metadata Rule page appears empty, with no metadata rules added.

    Add metadata rule.png

    Add metadata rule

  3. By default, the SetMetadata/Unprotect option is selected.

  4. Click ADD METADATA.

  5. The Add Metadata page appears, as shown in the figure below:

    Add Metadata.png

    Add metadata page

    1. Metadata − IP_CLASSIFICATION will be displayed by default. Currently supported only for ip_classification metadata.

    2. Value − Enter the metadata that is used during encryption (minimum of 3 characters, maximum of 30 characters, and case sensitive).

    3. Click on the plus icon to apply the rules. The selected metadata and its condition will be added to the list.

    4. Click Save.

  6. System Type − Teamcenter will be displayed by default. Currently supported only for the Teamcenter system type.

  7. Enter the values for the following under Construct Rules:

    1. Property − labelID will be displayed by default. Currently supported only for labelID.

    2. Condition −Select a condition (Equal/Not Equal) from the list. 

    3. Value − Select a label from the list.

    4. Click Set to set up the rules. The selected property and its condition will be added to the list. 

    5. Deactivate Rule − By default, the current rule will be activated. However, the admin portal allows you to turn off the Rule by selecting the Deactivate Rule check box.

  8. Click Save.

    Results:

    1. A confirmation message appears after adding or updating the rule.

    2. Click Reload Configuration to apply the changes.

The table below outlines the key attributes that are allowed on each system type.

Profile Configuration

System Types

Download Rules

(default)

PII and Fin. Info.

Cust. Pre-Exp.

Owner Config.

Metadata Config.

Sys. Metadata Config.

Auth./Comm. Endpoint

Teamcenter

Yes

N/A

Opt.

Opt.

Opt.

Opt.

Mutual

Autodesk_Vault

Yes

N/A

Opt.

Opt.

N/A

Opt.

Mutual

Windchill

Yes

N/A

Opt.

Opt.

N/A

Opt.

Mutual

Keytech

Yes

N/A

Opt.

Opt.

N/A

Opt.

Mutual

SOLIDWORKS PDM

Yes

N/A

Opt.

N/A

N/A

Opt.

Supports mutual and server-side

HaloENGINE_API

Yes

N/A

Opt.

Opt.

N/A

Opt.

Supports mutual and server-side

Key attributes of each system type

Abbreviations used in the above table

  1. Yes - applicable by default

  2. N/A - Not Applicable

  3. Opt. - Optional

  4. Fin. Info. - Finance Information

  5. Cust. Pre-Exp. - Custom Pre-Expression

  6. Owner Config. - Owner Configuration

  7. Metadata Config. - Metadata Configuration (Profile Configuration > Profile Classification > Classification Configuration > METADATA CONFIGURATION)

  8. Sys. Metadata Config. - System Metadata Configuration (Profile Configuration > System Metadata Configuration)

  9. Auth. - Authentication

  10. Comm. - Communication

Assign User Permission

HaloENGINE uses three roles—ROLE_SUPER_ADMIN, ROLE_CUSTOMER_ADMIN, and ROLE_CUSTOMER_USER—for authentication and authorization. These roles are set up and managed through the Azure portal. For more details, please refer to the section “ User Management Settings ”. The Assign User Permission page allows you to add users who have been assigned to the role ROLE_CUSTOMER_USER.

The following configurations are possible for the ROLE_CUSTOMER_USER. Using these read-and-write permissions, a user can manage multiple profiles.

For example,

  1. User 1 - assigned with full rights as an admin user. So he could access the entire portal without any limitations.

  2. User 2 - assigned with read-only access. This user can view the configuration of a particular profile, but is restricted to changing the settings.

  3. User 3 - assigned with write access. This user is allowed to change the configuration of a particular profile.

User accounts

  1. Administrator with Super User role—Granted, the highest level of access to the entire HaloENGINE component.

  2. Domain Users with Customer_Admin roles—Have fewer administrative privileges than Super User.

  3. Domain Users with Customer_User roles must be configured with access. Access to this user is granted by either Customer_Admin or Super User.

Follow the procedure below to configure user access:

  1. Navigate to the Profile Configuration tab and click Configure > go to the Assign User Permission tab and click Configure.

  2. Upon opening, the User-Profile Permission page appears empty, with no profiles added.

  3. Click the plus icon and enter the following details:

    Add profile permission.png

    Adding a user page

  4. Email ID - Enter the email ID, which is mapped to the role ROLE_CUSTOMER_ADMIN/ROLE_CUSTOMER_USER in the Azure portal. For more details, please refer to the section " User Management Settings ".

  5. Select Profile - Select a profile from the list.

  6. User Permission - Select either View Permission or Full Permission for the user.

  7. Click Save.

    Results:

    1. A confirmation message appears after adding the user permission.

    2. The email ID is added to the list, as shown in the figure below:

      User profile permission #1.png

      User profile permission #1

    3. Click Reload Configuration to apply the changes.

Related tasks

To know the details of a user.

  1. Click on the user’s email ID. The Profile Permission Details page appears as shown in the figure below:

    User profile permission #2.png

    User profile permission #2

  2. You can manage the permission using the Edit and Delete icons .