Search K
Appearance
Model Viewing Service Account
Overview
Capture requires a service account to load and display external files during artifact review. The Model Viewing Service Account determines which system identity is used to access files, controlling what reviewers can see in the review environment.
Why Service Accounts Matter
The Problem
Users reviewing captures may need to see files they don't normally have direct access to:
- Vault files in projects they're not assigned to
- Documents in restricted folders
- CAD models requiring specific licenses
The Solution
A service account acts as the system identity for file access during review:
- Has broader permissions than individual users
- Provides consistent access regardless of reviewer
- Enables review of artifacts without changing user permissions
How It Works
During Review
When a reviewer opens the review environment:
- User authenticates - Reviewer logs in with their account
- Service account activates - System uses configured service account
- Files are loaded - Service account credentials access artifacts
- Display to user - Files shown to reviewer in review environment
Access Flow
Reviewer (limited access)
↓
Review Environment
↓
Model Viewing Service Account (broad access)
↓
Vault / File System / External Source
↓
Artifacts displayed to reviewerConfiguring the Service Account
In Template Settings
- Open the Capture Template in Console
- Navigate to Model Viewing or Service Account section
- Select service account from dropdown
- Save template configuration
Selecting the Right Account
Choose a service account that has:
- ✅ Read access to all potential artifacts
- ✅ Access to Vault (if reviewing Vault files)
- ✅ Appropriate CAD licenses (if viewing 3D models)
- ✅ Permissions to external file sources
- ✅ Stable credentials (won't expire or change frequently)
Service Account Requirements
Vault Access
For Vault-based artifacts:
- Vault user account - Dedicated service account in Vault
- Read permissions - Access to all vaults/projects where artifacts exist
- License - Appropriate Vault license assignment
- Stable password - Won't expire or require frequent changes
File System Access
For network file artifacts:
- Windows service account - Domain or local account
- Read permissions - Access to all relevant network shares
- Authentication - Properly configured in MinuteView
CAD Viewing
For 3D model viewing:
- CAD licenses - Inventor, AutoCAD, etc. (as needed)
- Software installation - Required CAD software on MinuteView server
- Configuration - Properly set up for headless viewing
Security Considerations
Elevation of Privilege
⚠️ Important: Reviewers may see artifacts they couldn't normally access
Why this is acceptable:
- Review is part of an authorized business process
- All access is logged and auditable
- Template security controls who can review
- Appropriate for role-based review processes
Example:
- Engineer creates transmittal with Project A drawings
- Manager reviews but doesn't have Project A access
- Service account provides access during review
- Manager can see drawings to complete review
- All actions are logged
Service Account Best Practices
- Dedicated accounts - Don't reuse personal accounts
- Minimal additional access - Only what's needed for review
- Monitor usage - Regular audit of service account activity
- Document configuration - Who configured, why, what access granted
- Review periodically - Ensure access levels remain appropriate
Common Configurations
Configuration 1: Single Vault System
Environment: One Vault server, all files in Vault
Service Account:
- Vault user:
mv_capture_viewer - Permissions: Read-only to all vaults
- License: Basic Vault CAL
Use for: Most standard implementations
Configuration 2: Multi-Vault Environment
Environment: Multiple Vault servers or external file sources
Service Accounts:
- Primary:
mv_capture_vault - Secondary:
mv_capture_files
Configuration: Multiple service accounts in MinuteView, assign per template based on artifact source
Use for: Complex environments with multiple data sources
Configuration 3: CAD Model Viewing
Environment: Need to view 3D Inventor models
Service Account:
- Vault user:
mv_capture_cad - Permissions: Read-only Vault access
- Licenses: Inventor View or full Inventor license
- Software: Inventor installed on MinuteView server
Use for: Templates where 3D model viewing is required
Configuration 4: Minimal Access
Environment: Templates with no external artifacts (form data only)
Service Account: None required or minimal local account
Use for: Captures that don't include external file artifacts
Troubleshooting
Artifacts Don't Load in Review Environment
Check:
- Is service account properly configured in template?
- Does service account have read access to artifacts?
- Is service account authentication working?
- Are artifact file paths correct?
- Is Vault connection active?
Diagnostic steps:
- Test service account login manually
- Check MinuteView logs for authentication errors
- Verify file permissions
- Confirm Vault connectivity
Some Artifacts Load, Others Don't
Check:
- Do all artifacts come from same source?
- Does service account have access to all artifact locations?
- Are artifacts in different vaults/projects?
- Mixed Vault and file system artifacts?
Solution:
- May need multiple templates with different service accounts
- Or expand service account permissions
3D Models Don't Display
Check:
- Is CAD software installed on MinuteView server?
- Does service account have CAD license?
- Is model file format supported?
- Are model dependencies available (assemblies, references)?
Common issues:
- Missing CAD license assignment
- Software not properly configured for headless operation
- Referenced files not accessible
Performance Issues
Check:
- File sizes of artifacts
- Network latency to file sources
- Number of artifacts in capture
- CAD model complexity
Optimization:
- Consider file size limits
- Optimize network connectivity
- Use appropriate CAD viewing settings
- Implement caching if available
Service Account Maintenance
Regular Tasks
Quarterly:
- Review service account access levels
- Verify accounts are still active and authenticated
- Check for expired passwords
- Review usage logs
Annual:
- Full security audit of service accounts
- Reassess access requirements
- Update documentation
- Review with security team
Password Management
For service accounts:
- Use strong, complex passwords
- Configure for no expiration (where policy allows)
- If expiration required, set long expiration (1+ years)
- Document password change procedure
- Test after any password changes
Monitoring
Monitor service account for:
- Failed authentication attempts
- Unusual access patterns
- Excessive file access
- Access outside normal business hours
Advanced Scenarios
Dynamic Service Account Selection
Requirement: Different artifacts need different service accounts
Solution:
- Use multiple templates with different service accounts
- Route captures based on artifact type or source
- Implement workflow logic to select appropriate template
External System Integration
Requirement: Artifacts in non-Vault systems (SharePoint, PLM, etc.)
Solution:
- Configure MinuteView integration with external system
- Set up service account with external system access
- May require custom connectors or APIs
- Test connectivity and authentication
Temporary Elevated Access
Requirement: Reviewers need temporary access beyond normal permissions
Solution:
- Use service account to provide access during review
- All access logged and auditable
- Access automatically revoked when review complete
- Appropriate for authorized business processes
Next Steps
Continue with configuration topics:
- Capture Environments - Choose between Legacy and Modern environments
- Artifact State Rules - Configure artifact validation
- Fields & Custom Columns - Customize metadata capture