Hierarchy of Access to an Autonomous Server in the Case of Bentley

MicroStation

In the context of Bentley MicroStation, which is a CAD software used for infrastructure
design, the server architecture typically includes multiple layers of access control to ensure
security and data integrity. Below is a structured explanation of who has access to the main
server, who can retrieve logs, and how logs are shared.

1. Hierarchical Access Control to the Main Server

A company using Bentley MicroStation in an enterprise setting would typically have an

Autonomous Server (on-premise or cloud-based) managing software licenses, design data,
and logs. The access hierarchy is as follows:

A. System Administrator (Highest Authority)

 Who? IT Admins, Lead Engineers, or C-Suite Executives (e.g., CTO)

 Access Level: Full access to the main server, including software code repositories,
logs, user activity, and configurations.
 Actions Allowed:
o Modify access control settings
o View and extract log files
o Manage user roles and permissions
o Perform software updates and patches
o Provide logs to other stakeholders (if required)

B. Software Development Team (Limited Access)

 Who? Developers, Software Engineers, CAD Specialists

 Access Level: Read/write access to the codebase but limited to their respective roles.
 Actions Allowed:
o Modify specific parts of the software (if in-house development is allowed)
o Access logs for debugging (only if granted permission)
o Submit requests to system administrators for log access

C. Security and Compliance Team (Auditors)

 Who? Security officers, Compliance managers

 Access Level: Read-only access to logs for security audits.
 Actions Allowed:
o Analyze logs for security threats
o Ensure compliance with company policies and industry standards
o Generate reports but cannot modify logs

D. End-Users (Lowest Access)

 Who? Engineers, Designers, Drafters using Bentley MicroStation

  Access Level: No direct access to the server logs.
 Actions Allowed:
o Use the software with assigned permissions
o Report issues but cannot retrieve logs directly
o Request logs through the IT/Admin team if necessary

2. How Logs are Shared in this Scenario?

In the given scenario, a higher authority (System Administrator or Lead Engineer) has
access to the main server and needs to share logs. The process typically follows:

1. Retrieval from the Server:

o The administrator logs into the server hosting Bentley MicroStation.
o They navigate to the log directory (e.g., stored in a database, cloud storage, or
local server logs).
o They extract system logs, error logs, or access logs based on the request.
2. Creation of a Copy:
o The logs are either exported as a CSV, JSON, or text file.
o If needed, the logs can be sanitized (redacting sensitive info like
credentials) before sharing.
3. Secure Sharing:
o Logs are shared via a secure method:
 Email (internal email with encryption)
 Cloud-based services (e.g., OneDrive, SharePoint, AWS S3)
 FTP/SFTP servers
o If strict security is required, logs are shared only with authorized personnel
with multi-factor authentication (MFA).

3. Visual Representation of the Hierarchy

Server Access Model in Bentley MicroStation Setup

pgsql
CopyEdit
[ Main Server ]
|
--------------------------------------------
| |
[ System Administrator ] [ Security Team ]
| |
------------------------ --------------------------
| | | |
[ Development Team ] [ IT Support ] [ End-Users (No Access) ]

4. Conclusion
In this case, the higher authority (System Administrator or Lead Engineer) is the only
one with access to the main server logs. When sharing, they create a copy of the logs
instead of providing direct access to the server. This ensures:

 Data Security: No unauthorized access to the main server.

 Controlled Sharing: Only necessary information is shared.
 Auditability: The transfer can be logged for tracking.

Source: https://www.forestadmin.com/blog/user-roles-and-permissions-in-software-development/

Bently source: https://docs.bentley.com/LiveContent/web/ProjectWise%20Administrator%20Help-

v12/en/GUID-687490C3-E625-364B-333F-5E8FC75D9C5A.html?

Other sources:

https://techdocs.broadcom.com/us/en/ca-mainframe-software/traditional-management/web-
viewer/12-1/administrating/managing-role-objects/working-with-role-hierarchies-and-
understanding-role-types.html

https://www.simplilearn.com/systems-administrator-article

https://www.redhat.com/en/blog/job-levels

https://www.reddit.com/r/sysadmin/comments/1za6em/title_hierarchyprogression/?rdt=36117

https://arstechnica.com/civis/threads/structure-of-your-it-department.1188619/

https://forums.anandtech.com/threads/system-admin-team-hierarchy.257700/

https://stackoverflow.com/questions/274123/how-do-you-handle-developer-access-to-windows-
servers

https://www.mycomputercareer.edu/what-is-a-systems-administrator/