Evolve with Vault: What's New in Vault 2017

ANIL CHINTAMANENI: Good morning, everyone. We're going to get started. It's about time. Welcome to the class, "Evolve with Vault, What's New in Vault 2017."

My name is Anil Chintamaneni. I'm a user experiences designer at Autodesk. I've been working with Autodesk since 2005. So it's been almost 12 years. And in all these 12 years mostly I was focused on data management products, primarily Vault. Of late I've been working on Fusion Lifecycle

Prior to working at Autodesk I worked at Ford Motor Company for a few years after graduating from school with a master's in mechanical engineering. And my co-speaker Irvin.

IRVIN HAYES JR: Hello everyone. My name is Irvin Hayes. I am a product manager at Autodesk. Working for Autodesk 12 years now.

Ever since I worked at Autodesk I've worked on the Vault product line. I have mostly an IT background, so I'm not an engineer or designer, or anything of that nature but, yeah, you could see the rest there. But if you have any questions, let me know.

ANIL CHINTAMANENI: OK. So over the last year Vault product has undergone many changes, changes in security, licensing, item BOM, Factory integration, and many other changes. So this class is about giving you an overview of those changes. So at the end of this class, you'll be able to learn about the security changes, licensing related changes, Item BOM enhancements, and also some other important changes, such as Factory integration, and more.

Let's talk about security. If you look at the old security model in Vault it can be treated as a gated model with two gates in it. First gate is role-based permissions. You have to have a role in order to have certain permissions within Vault. And once you pass the gate there is object-based security or state-based security.

When both ACLs exist it's the state-based security that overrides object-based security. That's the old model. As you can see, when state ACL exists it is overriding object ACL. In other words, folder ACL. In the new security model, we introduced a third gate. So you have your first gate, role-based permissions, second gate, object-based security, and third gate is state-based security.

Instead of overriding object-based security, state-based security now works in combination with object-based security. In other words, the intersection of permissions between the two. So in comparison, in the old model, state ACL overrides folder ACL. In the new model, state ACL works in combination with folder ACL.

These are some of the rules for resulting permissions. In order for you to have an allow permission in the resulting ACL you must have allows at both gates, both object-based security and state-based security. If you have a soft deny or explicit deny, soft deny is something like you have not checked either of the boxes for a permission. That will result in a deny in the resulting ACL.

This table is probably in the handout for you to refer to. Some examples in the new security model. So in this particular case, group one has a Read permission and also a Delete permission. Modify is set to soft deny. At state ACL group one has Read allowed and Modify allowed. In the resulting ACL, in the new model, you will have Modify set to deny because at the object ACL Modify is denied.

Another example, group two has Read allow at the object level. Group eight has Read allow, and group two has Read allow at the state ACL. In the resulting ACL, group eight does not exist because group eight is not an ACL at the object level.

Another example. This is a case of a group, which is a subset of a superset, or a super group. In the old model, the cylinder group is set to Read, Modify allow at the object ACL. And at the state ACL everyone is given Read permission. So in the old model, since state ACL overrides object ACL, everyone has Read only access at the end.

In the new model, since it's a combination of intersectional permission, it's the cylinder group that's going to have Read only access because they are allowed to read in both gates. Another example that it was two different groups with mixed users between them. So there is a cylinder group and then there are engineers.

Cylinder group has Read, Modify allowed at the object ACL. And engineers have Read permission at the state ACL. In the old model, since state ACL overrides object ACL, all engineers will have Read only access because that's what is set at the state ACL. In the new model, since it's a combination of permissions, it's the engineers that are inside the cylinder group that are going to have Read only access at the end.

So that's about combined security, where we combine object-based security with folder security. Since some of you are coming from old releases of Vault you may have already configured your Vault in such a way that given the limitation that state ACL overrides object ACT, your permissions are set in such a way that it works for you.

So if you want a country to work that way you can use this new setting called Definition Security, that for migrated definitions is going to be set to override object-based security. So it's going to continue the legacy behavior for all the old definitions that are migrated forward. For all the new definitions it's going to be set to combine with object-based security. So the new model kicks in when this setting is applied.

Propagation of folder security. As far as object-based security is concerned, no changes, same as a legacy. When it comes to state-based security of folders, there is a new setting that will allow you to apply state security on files that are inside a folder when the folder enters a particular lifecycle state. So you can take the state ACL and apply it on the files or you can apply custom security on a file when the folder enters a particular state, or you can remove any override that's on the file when the folder enters a particular state.

Some changes to the UI. If you notice that the permissions grid is made up of two boxes in legacy. And all those permissions interfaces are changed to have a single grid with three different permissions as dropdown values instead of checkboxes. And the details dialog has been changed it is showing single grid, as I mentioned earlier, three different values, allow, deny, and soft deny is a blank, in this case.

It has different security modes. You can switch between object-based security and state-based security. In previous releases of Vault state-based security is not shown in this dropdown. And then a new label that will indicate to the admin that combined security is in effect, or override security is in effect. Or if either state-based security or override is missing, effective security will be set to object-based security.

Override can be set manually or it can come from the state. If you remember the definition of security that I showed earlier, if the definition security is set to override OBS that override will come automatically from the state. And the admin can set a manual override too. So as you can see, when override is applied effective security at the bottom reads override security.

Effective Access tab. This is going be very helpful for the admins to know the effective permissions for a given user for that particular object. Although the effective access is the default mode you can switch between object-based security and state-based security to see the permissions for that given user. And this is a Read only view. You cannot make edits in this particular UI.

In order to make edits you have to go to the Security tab, make your changes, apply those changes, and come back to see what kind of effect those changes are going to have effectively for that user. And you can only add users and not groups to this interface.

Some other changes. Search has been updated so that it takes into account the combined security. Change state operation has changed so that it honors the modify permission-- it honors the object-based security for the object. So for a user, in order for him to have changed a permission he must have a modified permission at the OBS level in addition to transition security.

To learn more about these changes please sign up for this class, "Security Awakens, Defending Against First Order." And it's been taught by Irvin. It's this afternoon. If you have not registered yet, if there's room, I suggest that you sign up now.

Let's take a quick look at the product. So let me show you some of the administrative settings that I talked about. All right. So this is a definition that is brand new. In order for me to see the definition security I have to go into edit mode. So this is a new setting that will allow the admin to combine state security with OBS or override OBS with state security.

And if you look at the Security tab, you can see the UI changes. You know see the grid instead of the two boxes. And while we are here, I'm also going to show you the Security for files inside folders.

This is a new setting that will allow you to apply whatever that's here for the folder as state security, you can apply that to the files that are inside the folder. Or you can apply custom security, in which case you can edit this grid and whatever ACL that you want to apply to the folder and to the file when the folder enters a particular lifecycle state. Or you can remove any override that exists on the file when the folder enters that state

Let me get out of here. Since my resolution has changed I have to resize my dialogues. So let me quickly go to this particular file and show you the Security tab. As I mentioned earlier, you can switch between object-based security and state-based security. You can see, OBS is set to allow for all permissions for admin and these two groups. And state security has some denies.

And if I want to see the effective access for a given user when the file is in this particular state, let me add Dan Designer, for instance, and Ed Engineer. So this is the effective access for both Dan and Ed when the file is in this particular lifecycle state. And their OBS is set to allow for all permissions. And state security has some denies. And effectively, all the permissions that have allows at gates are going to have effectively allow. And the ones that have denies will result in deny.

Let me go back to my presentation. Licensing has undergone some major changes. With the way licensing works in previously releases of Vault, is that there is no licensing logic on the client side.

Licensing is all managed on the server side. There is NLM and then there is ADLM component that sits on the ADMS. ADLM and NLM talk to each other and the clients don't get involved in licensing.

Again, in old modeling, if you have AVSF there is an ADLM component for AVFS as well, along with ADMS. And there is no client interaction as far as licensing is concerned. Come to Vault 2017, click cloud licensing, as we call it, is on the client and it is the client that talks to the license server in case of a network license.

And for Vault Office, thin client and N minus clients, we still need ADLM. In other words, server side licensing. All the new clients will leverage click licensing.

Also with the new licensing model, a new license type is allowed for Vault, which is single user license, or also known as standalone license. Vault Office is not supported with standalone license. And even in this model, for the thin client and in N minus clients you will still need licensing on the server.

Some changes for the installer, mainly for deployment. If you're familiar with the deployment pages of the installer for the client, no changes for the configuration page. License agreement remains the same.

Product information page, this is new. This is something that you might have seen on the server installer, to specify the license type and license server in case of network license. So for network license you specify the license server. And serial number, or standalone license is new to Vault. And it's available on the deployment so that end user doesn't have to specify anything when they install the client.

You specify the serial number and product key. As I said earlier, Vault Office is not supported with standalone license. And the client Flavor page is going to be disabled based on your selection or based on the product key that you entered in the previous page.

In case of a regular installer though, user has to specify the flavor, Vault Office or Vault Professional. And they will have a different experience. For regular installs the user will have a different experience after installing the product and the first time they launch the pilot. Server installer. The product information page remains as it is for the sake of thin client and N minus clients.

Let's get started. This is click terminology, or called licensing terminology. When the user starts up the product after installing with through regularly install. If it's a deployed image user doesn't have to do anything, user bypasses this particular part of the experience.

If it's a regular install user sees this. In case of Vault Professional and Vault Workgroup, user has two options, either network license or standalone, which is enter a serial number. In case of Vault Office, since it does not support standalone, user has only one option, which is to specify the license server.

If user chooses enter a serial number, user will go through these pages, activates, enter a serial number and product key. And then he is in the product. And within the product, what you are seeing is the user account menu at the top, that will allow you to manage your license. So instead of going to NLM for managing licenses user can access manage license dialog from within the client.

Borrowing is allowed in the new licensing model but it can be disabled inside NLM if it's not desired. And all the error messages that were coming from Vault before will now come from the click infrastructure. And they will have enough information for the user to take action.

Some things have changed about when Vault license is obtained and when it's released. In case of Vault Explorer, license is obtained at the launch time. In case of the add-ins, like Inventor Vault Add-in, AutoCAD Vault Add-in, it is when the login dialog is launched that's when the license is obtained. And when the license is released is upon exiting an app, whether it's Inventor while you're signed into Vault, or Vault Explorer when you exit the app. That's when we can release the Vault license.

AUDIENCE: Even if you log out of there it's not releasing the [INAUDIBLE]?

ANIL CHINTAMANENI: No.

AUDIENCE: [INAUDIBLE]

ANIL CHINTAMANENI: It's not log out it's the exit of the app that's going to release license.

AUDIENCE: If you have a client open and you log in via Reddit, for example, [INAUDIBLE] two licenses or the one?

ANIL CHINTAMANENI: No. Single license, as long as you're on 2017 clients.

AUDIENCE: So if somebody doesn't close a program that's using the Vault license it will just remain [INAUDIBLE]

ANIL CHINTAMANENI: There is a time out after a 30-minute period of time. It can be configured but, yeah.

IRVIN HAYES JR: I think that clearly there are some of the understanding there too is that for Vault Professional it's going to be hard for Vault Professional to actually release the license, release the thick client because it actually does a polling in the background for ECL notifications. So that happens every five minutes. And because of that poll it's an active client. So that one will hold onto the license. Other ones, depending on the app, you might have to close it down, or it might time out.

AUDIENCE: As an admin can we force that?

IRVIN HAYES JR: You cannot force it. No. So, yeah, the question was, As an admin can you force the time out? The answer is no, you can't force the time out or force the release.

AUDIENCE: But you said it was configurable. You can change the time?

ANIL CHINTAMANENI: The time mode itself.

IRVIN HAYES JR: The time out value?

AUDIENCE: Yeah.

IRVIN HAYES JR: Well, that's configurable in NLM.

Changes in the Item BOM area of the party. There are situations where files can get into Vault without the BOM object, as we call it, essentially it's the BOMBlob or the packet of information that contains BOM data. And that is required in order for the item to have BOM when the file is promoted to an item.

When the BOMBlob is missing files can be assigned to items, but you will not have BOM when you should have bomb for those items. The workaround right now is to perform a round trip between CAD and Vault. You check out the file, you check it back into Vault, thereby creating a new file iteration.

Though push the BOMBlob to Vault, and then you perform an item update or Assign Item again in order to get the BOMBlob properly. But since it creates new file iteration, the workaround is not feasible for files that are released. So the solution is first, give the admin to block assigned operation on files that are missing BOMBlob or BOM information. Ability to search for these files that are missing BOM data. Ability to generate BOMBlob from within Vault Explorer without it having to perform a round trip between CAD manually.

Configure Assign Item. This is where the admin can go block or Assign Item for files that are missing BOM data. By default, it's turned on. And when it's turned on when user performs an Assign Item operation on a file that is missing BOM data, user will be presented with this error message.

And the way to find files that are missing BOMBlob is by using this new system property called Item Assignable. When it's set to true it means that the file has BOMBlob. When it's set to false, file is missing BOMBlob.

Generate BOMBlob. This particular feature is available only for Inventor files. You can extract BOM information from the Inventor files using the new command called Extract Item Data. This command leverages this new job type called ExtractBOM.Inventor. And it uses a job processor, obviously. For downloading the files, cracking them open, get all the relationships, get the BOM data, and then push that BOM data to Vault, instead of creating a new iteration it actually attaches the BOM data to the latest final version inside Vault.

And parent-child relationships are very important for BOM extraction. If the file is missing it's children BOM extraction does not work. Also, extracting BOM for parent doesn't mean that we can extract BOM for children as well. You have to separate all the files that are missing BOM information and then execute this command.

Configuration file. There is this new configuration file called Bom/Configuration.xml, in which all the files that can have BOM but do not have BOM can be configured. And by default it's the ACADM DWGs, ACADE drawings, and Inventor files are configured in this particular file. You can add or remove files from this particular configuration file.

And this configuration file will allow you to search for those files using this new property to see whether those files are missing BOM information or not. And also, the configuration file allows you to block Assigned Item operation for those files that are specified in the file.

You need to perform a property re-index if you have a large legacy DWG files in order to get the proper type out of them. Type meaning ACADM or ACADE DWGs. And the configuration file has additional details for you to get started.

Let's take a quick look at some other changes related to the item BOM. First and foremost, here is the block that's an item if file has no item data. By default it's checked, which means that if the file is missing BOM data user will be blocked from Assigning Item to the file.

So for example, I know that this particular file is missing BOM information. And when I perform Assign Item it says that file has no item data and I cannot proceed with the operation. And what I can do is, instead of just selecting this file, maybe there are more files that are missing BOM data in my Vault. So I'm going to perform a search using Item Assignable. It's false.

If I were you, I would actually create a saved search folder and check that folder periodically to see if there is any files that are missing BOMBlob. And use Extract Item Data to get the BOM information out of the files. And as I said, this is only available, the Extract Item Data command or the feature, is available only for Inventor files.

For the rest of the files you can still use this particular property, Item Assignable. You can find them and then you have to perform a round trip on those files in order to get the BOM data. So now these have been-- these files have been queued up for BOM extraction. Let's switch back to my presentation.

Some other changes. Factory Design enhancements. The Vault Pro 2017 extension for Factory is installed with Factory Design Suite. It allows you to create layouts using data from Vault, add overlays using data from Vault, also create assets using data from Vault.

And then, the second part of the integration is the Factory configuration file that is installed with ADMS. You import that file into Vault. That brings in certain properties that are specific to Factory integration. And you can configure Factory root libraries for the assets to reside inside Vault. So this is how you configure the root folders so that when assets are added from Factory to Vault they go into those particular folders inside Vault.

And then two custom object definitions have been created for this integration in order for you to see the relationships between the assets and the files inside Vault and also see the asset-related properties. As you can see here, there's a Factory Layout tab and Factory Asset tab. Each have their own significance with regards to Factory integration. You can get asset instance specific information, asset configuration information, and their properties by using these custom tags inside the custom objects.

Asset libraries. You can now publish new assets from Factory to Vault using this interface. And as I mentioned earlier, you can pick the folders based on the configuration setting that I showed earlier in the client in order for the assets go into Vault.

Copy existing assets. If you have existing assets that are not managed in Vault and if you want to manage them in Vault going forward, you can use this Copy command and choose the destination as Vault to move all the system assets and user assets into Vault. And once inside Vault you can place those assets from Vault within the your layouts inside Factory. And inside Vault these assets have versions, have property information that the user can leverage.

Properties on links. We introduced a new association for properties, called Link, to managed properties between two custom objects or from a custom object to a file folder or an item. Basically, wherever a link can be used today in the product between a folder and a file or item, et cetera.

This Link association is currently used by Factory integration It is not exposed to the end user, although the admin can view it in the admin interface. The end user cannot see the Link property type in the client unless they use data standard to create a custom tab and expose those link properties. And Factory integration, as I showed earlier, it already uses two custom object definitions, using which we expose those properties.

Let's take a quick look at Factory. This is the Factory configuration dialog, using which you can specify folders where the assets would go to when you publish assets from a Factory integration. Also, this is where we pull the assets from when you place assets inside your Factory layouts.

And if I go here, let me log in to Vault, they create a new layout and place some of the Vault assets that are already added to Vault. And the browser will now show Vault assets. I can browse inside Vault.

Let me pick the tire repeating station. And then I'm going to place another instance of it. I'm going to place a mechanic. And as you can see, there is Vault status indicated on these assets.

In this particular case, this Vault status means that the asset isn't Vault but it's not copied locally. You can preview the asset still and get its information but if you want to place it you have to download it. Or when you drag and drop and place it, it will automatically download for you.

Let me place this guy here and then save this layout. I'm going to skip that. Let me call it the Layout5. And then once I check this into Vault I can go see what it looks like inside Vault.

So I now have my Layout5, and it uses the two source files for the assets that I placed in the layout. If I go to my Layout tab here, which is a custom object definition called Factory Layouts, Layout5 will give me the contents that are in the layout. As you can see, two mechanics, and then two stations, and then the layout file itself. Whereas it used-- if the layout is using another layout I can see the information here.

And then the Factory Layout information tab will give you the asset information. There are two instances of standing, a total of four quantity assets for this particular layout. And then Asset Configuration will give you more information about the configuration of the asset, how a particular asset is configured.

And then the Asset Instance will give you instance-specific information. If those instances have individual or differing properties that property information can be obtained here. So if I were to-- You can get all the model-related information for the asset instance and also asset category.

And then, the Factory Asset itself will give you additional information about-- or the contents. So the asset file itself, where the asset is used. For example, the Standing guy, since it's being used in multiple layouts, all the layouts will be shown here on the Where Used tab. And then the Factory Asset Information tab will give you Asset Information, Asset Configuration information, and then Asset Instance information.

Let me switch back to Factory and show you one more thing before I go back to the presentation. So I have these system assets, for example, let me go here. This one, this is inside Vault and let me-- This particular the pipe here, the stairs indicates that it's not inside Vault. I can copy it to Vault so that I can start managing this asset inside Vault.

I pick Vault as the source and I can, based on my configuration settings here, these are the folders that I specified as folders that can contain asset libraries inside Vault. And those folders are visible here. I can now create new folders underneath by using the Factory interface, or I can just accept a default root folder, and select that.

And when this is all done, the asset is now represented inside Vault. And you can start using the asset from within Vault. All right let's switch back to presentation.

IRVIN HAYES JR: Real quick question. How many Factory users do we have in the room? Do you find this interesting or good to have? Yes. OK. Great.

ANIL CHINTAMANENI: Some Data Standard updates. Save Copy As for Inventor, numbering scheme updates. How many people are using Data Standard, by the way?

IRVIN HAYES JR: Very few. How many actually know about Data Standards but don't use it? Why? You can answer that later. But, huh?

AUDIENCE: Tomorrow's classes.

IRVIN HAYES JR: Tomorrow's class. Yes, there is another-- there is a class of what's new in Data Standards.

ANIL CHINTAMANENI: It's what's new, it's not about why Data Standard. But you can still ask the question--

IRVIN HAYES JR: It's a very, very good tool to use with Vault actually to keep your standards across for all your engineers or your designers.

ANIL CHINTAMANENI: Some other updates to Special Properties and more changes that are coming. But, yeah, as someone mentioned already, I highly recommend this class if you're already using Data Standard, or even if you are not using, go there, learn about Data Standard. And Marco Mirandola, he's a great guy to know more about Data Standard.

Update Item enhancements. In Vault 2015, I don't know how many have you noticed when we made big changes to the Assign Item operation and the interface. We removed the wizard and we came up with a dialogue. During the process we introduced this new behavior where the links get broken based on the equivalence value.

In releases prior to 2015, links remain with the item once they are assigned. Links, meaning the files remain with item once they are assigned to an item. And Item Update won't break the links even equivalence value has changed. By 2015 we said, based on some feedback and also based on some logical reasoning, we started breaking the links with Update Item.

Some did not like it. So we introduced this as a configurable option. By default we will not break links. But for someone who would like Item Update to break links whenever equivalence value has changed they can go use this setting, turn it on, so that 2015 default behavior will resume for those Vaults.

AUDIENCE: Will that have any impact with the SolidWorks plugin? We just recently ran into that with the 2017 deployment. I'm not familiar with SolidWorks but from what I've seen there's no [INAUDIBLE] by default. When you check the files in everything works fine. When you assign it to an item it works fine. When you update the item it pulls the file out.

ANIL CHINTAMANENI: That must be-- what release you're on?

AUDIENCE: 2017.

ANIL CHINTAMANENI: 2017. OK.

AUDIENCE: 2106 SolidWorks.

ANIL CHINTAMANENI: I recommend that you check the setting. But if the checkbox is checked it means that we're going to break the links. But I don't know for sure with SolidWorks integration. We have an expert here in the room.

AUDIENCE: Was the default on or off [INAUDIBLE]?

ANIL CHINTAMANENI: Off. By default it's off.

AUDIENCE: I haven't touched this so--

IRVIN HAYES JR: The SolidWorks expert is [INAUDIBLE] in the back [INAUDIBLE]. He helps design that integration. So you might want to talk to him and find out what your situation is there.

ANIL CHINTAMANENI: Thanks [INAUDIBLE] for stopping by. All right. And then Check In enhancements. In prior releases of Vault in order for the user to check the file back in to Vault, not only the user has to match but also the machine name has to match. Otherwise, the same file that the user has checked out to himself cannot be checked in by the user because the machine name hasn't matched, for example.

Going forward we are removing the restriction on the machine name. As long as the user matches you can check the file into Vault as long as you are using these applications, Vault Explorer, Inventor Add-in an AutoCAD Add-in to check the file back into Vault.

And then Checkout updates. We introduced a couple of releases ago, something called Quick Checkout, which was renamed as simply Checkout. What it did or does is it does not download the file. If you already have the file downloaded it just flips the Read only bit. If the file Read only bit is checked it's going to uncheck it so that it's going to make the file writable.

And that was causing some problems because users were accidentally executing the command on folders. And there may be some files already that are in the folders that are locally-- that are downloaded to the local workspace. And those files versions may not be the latest. So the user is actually checking out older versions of the files accidentally.

So the command is now removed from the right-click menu for Folders. It is still available on the Access menu? And another enhancement, or another check, is that if the local file version is older than the one in Vault we will not allow-- or the Checkout will be a No operation. Checkout simply does nothing.

And then, File Lifecycle State Change Rollback. This is something that we introduced in 2016. But at the time, we enabled the functionality on a single file. It was not allowed for multiple files at the same time. So Multi-select was not enabled for this particular operation. Going forward, you can now Multi-select and execute this command, Rollback Lifecycle State Change.

Given that the operation does not pull all the references, pull all the relationships, unlike Change State command, I'd recommend that if you're trying to perform Lifecycle State Change Rollback on a file and it's children, I suggest that you select the parent in the main grid and expose the User's tab. Select all the files, including parent, and then perform a rollback using Multi-select.

Copy Design improvements. For the Folder panel, New List view has been added, using which you can simply type in the destination path, or you can still browse to a destination path. You can also leverage the contextual menu to perform operations such as Copy and also Find and Replace.

AnyCAD improvements. If you have third party CAD files that are referenced inside of your Inventor models, when those items were promoted in previous releases of Vault they were being brought in as virtual components. That's not desired because they are first class citizens even though they're third party CAD files.

So going forward, those files will be treated just like any other Autodesk CAD file. With regards to item assignment, they will follow the Item Assignment rules and they'll be assigned to a particular link type. They can become primary links if that's what the rule says.

ADMS improvements. Improved password security. All the passwords that are exposed in the system configuration files are encrypted to be more secure. And then the SQL accounts for VaultSys and ADMS_%SiteName%, accounts for those passwords can now be changed using the particular interface inside ADMS console.

Installation improvements. New Auto-Fix feature will allow you to fix certain pre-checks such as IIS connection timeout and ASP status check. Admin can simply perform a re-test, which will automatically fix these issues as long as they are fixable by the Auto-Fix feature. Otherwise, admin still has the option to exit the installer and go fix the issues manually.

So we are at the end of the class. So you learned about changes to security, changes to licensing, from the item BOM enhancements, Factory integration changes, and also some other changes. Be sure to take the survey and give us feedback on this class. And then if you have any questions, please meet at the Answer Bar if we don't have time now.

AUDIENCE: Going back to security in the item master, let me know if I'm doing this wrong. But if I have a security model set up and I have items that are unreleased. And I realize that to change the security someone needs to be allowed permission. It doesn't take an effect until after you change it from released to [INAUDIBLE] released again for the state security talking to files. Is that correct?

ANIL CHINTAMANENI: That is quite so.

AUDIENCE: Is there a way to push that and modify it and want to change the security?

ANIL CHINTAMANENI: No. There is no push. We talked about something like push feature but it is not-- Any changes to state security they will not apply to the files that already have the state, or folders that already have the state, or items that already have the state. It's the subsequent change to the operation that will take the files, or items, or folders back into the state. The new changes to security will be applied.

AUDIENCE: It just seems to be a problem when you add in users and then you have a change in that security model then you may have access to files even though they're released. If you want to remove that, basically, they have to move from one cycle, from one state to another state [INAUDIBLE] refresh them.

IRVIN HAYES JR: That's true. Yes. So that's true. I think the challenge that we have there is what if it's just the opposite and you've change the security to add-- you're using the lifecycle in multiple different ways. And if you've added someone to that security state and now you might have-- if we pushed it we might have given someone security to something that they shouldn't have gotten security to.

That's why we don't want to push it down because if you're using it in multiple ways, which in 2017 you can-- and I'll show you, if you were in my class later on I could show you how-- we could be giving-- if we pushed it automatically for you, you might be getting the wrong results in other locations, which you really don't want.

AUDIENCE: OK. What time is your class later?

IRVIN HAYES JR: 3 o'clock. 3 o'clock this afternoon.

AUDIENCE: [INAUDIBLE]

IRVIN HAYES JR: So the question is if you're driving security through API are there changes we have to make?

AUDIENCE: [INAUDIBLE]

IRVIN HAYES JR: OK. So the question you're asking is if you're using the current API, and with the changes that we've made, will you have to redevelop your code to use different ones? Not necessarily. When it comes to security, the security should already be set in a specific way to where you're log in, at least your credentials don't have to change. But if you want to take advantage of some of them you probably will have to change some of your code.

The API, because when you go to 2017, we leave API in there that are 2016 and 2015 compatible. You could use those for a time period. But again, if you want to take advantage of any new features you'll have to update your API or your custom integration to use those.

AUDIENCE: Which LOD licensing changes [INAUDIBLE] Do we need to make changes to this as we go further [INAUDIBLE]

ANIL CHINTAMANENI: I'll let Irvin take that question.

IRVIN HAYES JR: All right. So the question was-- let's see if I got it right. Your current application logs in and it lets the server pull the licensing on its behalf. So you're 2016 or earlier customization, correct? So with the 2017 configuration, or with 2017, when it was released, one of the slides Anil showed is that we have N minus, which is one release or two releases back compatibility, much like the API that I was just referring to.

You can continue using that currently with 2017 and the server will still pull the licensing on your behalf. But when we get in the future that will be pulled-- that mechanism will be pulled away. It will no longer work. So you'll have to change it, I'm going to say, in probably 2019, I believe, the 2019 version.

That mechanism will no longer work. So you'll have to use the updated SDK, which then you'll be pulling your license on your client side instead of having the server pull it on your behalf. So you will have to recompile. Yeah, a question.

AUDIENCE: With the removal of the Checked out machine restriction, what happens when you have one user, and they log in in different machines. A file checked out on one [INAUDIBLE] inadvertently check in the wrong file from the other [INAUDIBLE]

IRVIN HAYES JR: Yes, you can. So the question is, with the restriction removed from the check in, where you have to check in from the same machine, will you have the ability to check in a wrong file from a different machine?

The answer is yes. So we've had this one-- So, a lot of the times when we develop Vault and we develop features, we try and protect the users from themselves. This one was-- we protected it for so long that it became incompatible, for instance, in like a Citrix environment or a virtual environment.

Or in those environments where you're a traveler. What if you're using your desktop today and you want to go home and work from home? And you're using your laptop but you have VPN access and you want to check in from your laptop. Well, you can't with the old mechanism. So we said, all right, we're going to-- people have been asking us to get rid of this restriction for years, we're going to get rid of the restriction.

So the onus is on you to make sure you check in the right files. Now I will tell you this. I believe that we put in the way that you can switch it and turn it back on. It's a manual way. There is no interfaces to do it, you have to change some configuration of files in there and change it back to from no to false to true or no to yes, or something like that. It will come back on but it's a manual setting on each and every individual machine.

AUDIENCE: You could also potentially overwrite a correct file.

IRVIN HAYES JR: Absolutely. You absolutely can. So you have to be careful.

ANIL CHINTAMANENI: The user has to be conscious enough.

AUDIENCE: [INAUDIBLE]

IRVIN HAYES JR: That is on the client.

ANIL CHINTAMANENI: On the clients, yes.

IRVIN HAYES JR: Because it's controlled by the add-in or the check in on the client side. So you have to configure-- you have to change it back if you want that restriction. So any other questions? All right. Thank you.

[APPLAUSE]