
ACL's - Make automatic selection of additional permissions not the default


After much gentle suggesting / begging from me (for almost 15 years), PTC tech support has published new article CS247524.  We discussed many times in Windchill tech committee meetings but with no change resulting (I'm not very persuasive).

The set of properties referenced in the article were no doubt created with good intent (lots of years ago in Windchill 1.0), but in my humble opinion, have caused no end of chaos in hundreds of Windchill systems.  I always null out these properties as part of any installation / other configuration.


The complete set of properties is (shown copied from our production system, with all values null):

wt.access.permissionImplies.1=

wt.access.permissionImplies.2=

wt.access.permissionImplies.5=

wt.access.permissionImplies.7=

wt.access.permissionImplies.8=

wt.access.permissionImplies.10=

wt.access.permissionImplies.11=

wt.access.permissionImplies.13=

The most important / dangerous one of these in my opinion is this:

When you apply Revise permission at a state, the system automatically also selects Modify permission at that state.  Think about this.  At Released for example, users have to Revise in order to make a change (e.g. from A Released to B In Work). They would expect to do the modifications at B In Work.  But, the system automatically also selects Modify at Released. What real business in the world has any user be able to Modify at Released?

I've shown this to many dozens of people over time, and most are amazed to see that it exists, and always carefully unselect in the Policy Admin UI what has been automatically selected, but others assume that what is automatically selected cannot be changed - and create really bizarre and complex policy sets because of it.  In addition, since the UI (applet) doesn't show all the permissions unless you maximize, the system selects many that are off the screen.

In any case, this IDEA is a request to PTC to make all these properties null by default, rather than filled in, and allow admins to configure if desired.

2 Comments
PhilippePradour
5-Regular Member

I agree - this is an obvious default expectation

mlockwood
19-Tanzanite

Hurrah, hurrah, hurrah someone else has proposed this.  I've been begging PTC to eliminate this for 15 years.

1. The logic is absolutely wrong for most companies. The most problematic one is this: When you select Revise for a state, it automatically selects Modify at that state.  Think about it - using the OTB settings, every user that needs to Revise from Released also can Modify at Released.  It's unbelievable that this is there.

2. The worst thing is that with the UI not maximized, the automatic selection makes changes that are not visible on the screen.  You select one radio button and may have 5 more selected that you didn't intend.

3. Fortunately you can easily disable this behavior.  There are a series of properties that have to just have the values set to blank.  I've shown this to countless people over the years.  I immediately change all these properties for every install that I do.  Set all like this:

wt.access.permissionImplies.1=

wt.access.permissionImplies.2=

wt.access.permissionImplies.5=

wt.access.permissionImplies.7=

wt.access.permissionImplies.8=

wt.access.permissionImplies.10=

wt.access.permissionImplies.11=

wt.access.permissionImplies.13=

At a minimum, it appears that PTC should make the automatic selection an option for admins, with an easy preference to turn off.
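
An added example, not part of the original post or comments and not PTC code: a check that reads a Java-properties-format listing and reports which wt.access.permissionImplies entries are still non-empty, or are missing from the eight keys listed above. The sample text, its placeholder values and the function names are constructed for illustration; treating a missing key as "override never made" is an assumption.

```python
import re

PREFIX = "wt.access.permissionImplies."
# The eight keys listed on this page (the page does not say what each number means).
LISTED_KEYS = tuple(PREFIX + str(n) for n in (1, 2, 5, 7, 8, 10, 11, 13))

# Constructed sample: values are placeholders, not real Windchill defaults.
SAMPLE = r"""# site overrides (constructed)
wt.access.permissionImplies.1=
wt.access.permissionImplies.2 =
wt.access.permissionImplies.5=PLACEHOLDER_A
wt.access.permissionImplies.7:
wt.access.permissionImplies.8=
wt.access.permissionImplies.10=PLACEHOLDER_B,\
    PLACEHOLDER_C
wt.access.permissionImplies.11=
wt.unrelated.property=true
"""

def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comments, '=' or ':' separators,
    backslash line continuations. A later definition overrides an earlier one."""
    props, buf = {}, None
    for raw in text.splitlines():
        line = raw.lstrip()
        if buf is None:
            if not line or line[0] in "#!":
                continue
            buf = ""
        # An odd number of trailing backslashes continues the logical line.
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            buf += line[:-1]
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", buf + line)
        if m:
            props[m.group(1)] = m.group(2).strip()
        buf = None
    return props

def audit_permission_implies(text):
    """Return {key: value} for entries that are not blanked. A listed key that is
    missing maps to None (assumption: missing means the override was never made)."""
    props = parse_properties(text)
    findings = {k: v for k, v in props.items() if k.startswith(PREFIX) and v}
    findings.update({k: None for k in LISTED_KEYS if k not in props})
    return findings

if __name__ == "__main__":
    for key, value in sorted(audit_permission_implies(SAMPLE).items()):
        print(f"{key}: {'MISSING' if value is None else 'still set to ' + value}")
```

An empty result means every listed entry is present and blank, which is the state both posters describe setting on each install.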