The US Government may impose an Export Restriction on data for various reasons. In addition, Proprietary restrictions are also required by Parker Hannifin.
The need is to control access to data, based on employer, employer legal residence, and user legal residence.
By default, all Parker US data should only be shown to Parker Employees with US Legal Residence.
After review of data by our Export Control Administrators, data can be shared.
For demonstrations' sake, allow a minimum of three categories of data. And arbitrarily, 5 groups of people with unique authority to export.
Categories of Data
1) Parker military use restricted data, 2) Parker technologically restricted data, and 3) Parker proprietary data.
a) Parker US, b) Parker Foreign National, c) Vendor US, d) Vendor CA, e) Vendor foreign national with exception license to see Project C data
Project A - access set for all
System A Parker Proprietary data
System B Parker Proprietary data
Project B - access set for a) Parker US
System A Parker Military data
System B Parker Military data
Project C - access set for a) Parker US, e) Vendor foreign national with exception license
Project D - access set for a) Parker US, d) Canadian Vendor
This would require an administrator to create a Project for every program and data type. It would also require users to create systems in the correct project.
This Product Idea would be our ideal solution
Administrators would create a Project for each Category of Data
1) Parker military use restricted data
2) Parker technologically restricted data
3) Parker proprietary data
Engineers would then create a System, which inherits access from Project, for each program in the appropriate Category
1) Project - Parker military use restricted data with permission for a) Parker US
System - program A, permission inherited
System - program B, permission inherited
2) Project - Parker technologically restricted data with permission for a) Parker US, c) Vendor US, d) Vendor CA
System - program C, permission inherited
System - program D, permission inherited
System - program G, permission inherited
3) Project - Parker proprietary data with permission for a) Parker US, b) Parker Foreign National, c) Vendor US, d) Vendor CA, e) Vendor foreign national
System - program E, permission inherited
System - program F, permission inherited
System - program H, permission inherited
When an exception is granted to a system/program by export administration...
System - program B, a) Parker US, e) Vendor foreign national w/ exception license for program B
Since there are dozens of programs and only a few categories of data, system administration is kept to a minimum. (few)
The engineering community could minimize adherence efforts as systems would default to the correct access. (dozens)
Export administrators could manage licenses on data without the need to move or create a new Project for each exception license granted. (hundreds)
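The inheritance model proposed in the post above, sketched as an added example; it is not part of the original post and is not Windchill or WQS code. The class and function names, the `new` uncategorized System and the license reference placeholder are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Group letters as used in the post: a) Parker US, b) Parker Foreign National,
# c) Vendor US, d) Vendor CA, e) Vendor foreign national.
GROUPS = frozenset("abcde")
MOST_RESTRICTED = frozenset("a")  # default from the post: Parker US only

@dataclass
class Project:                     # one Project per category of data
    name: str
    allowed: frozenset

@dataclass
class System:                      # one System per program
    name: str
    project: Optional[Project] = None               # None = not yet categorized
    exceptions: dict = field(default_factory=dict)  # group -> license reference

    def grant_exception(self, group, license_ref):
        # An exception widens access for this System only, never for the Project.
        if group not in GROUPS or not license_ref:
            raise ValueError("exception needs a known group and a license reference")
        self.exceptions[group] = license_ref

    def effective_access(self):
        # Inherit from the Project; an uncategorized System falls back to the
        # most restricted set instead of being open.
        base = self.project.allowed if self.project else MOST_RESTRICTED
        return frozenset(base | set(self.exceptions))

def can_view(group, system):
    return group in system.effective_access()

def visible_systems(group, systems):
    return sorted(s.name for s in systems if can_view(group, s))

def build_example():
    # Constructed from the post's "ideal solution" layout.
    military = Project("military use restricted", frozenset("a"))
    tech = Project("technologically restricted", frozenset("acd"))
    proprietary = Project("proprietary", frozenset("abcde"))
    systems = {n: System(n, p) for p, names in
               [(military, "AB"), (tech, "CDG"), (proprietary, "EFH")] for n in names}
    systems["new"] = System("new")                   # hypothetical, no category yet
    systems["B"].grant_exception("e", "LICENSE-PLACEHOLDER")  # placeholder reference
    return systems
```

Revoking a license is a single deletion from one System's `exceptions`, which leaves the Project and every other System untouched.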
Have you looked at the use of Security Labels for your data protection requirements? They extend beyond what is available from just ACLs and Windchill groups/teams. They are applied at the document level and can give warning messages when someone tries to open a document they should not have access to.
Check out this PTC document: PTC Windchill Security Labels Configuration and Implementation Guide.
Maybe you can take a look at the A&D Template. I am not sure whether it is available now or not, but we have customized that in Windchill 8.0.
Note: This product idea is for Windchill Quality Solutions Enterprise Edition. Many times shortened to the acronym WQS.
Security Labels look like a good idea - I wish they were available for WQS. Also a default to the most restricted security is required in our business.
We are archiving your idea as part of a general review. This action is based on the age of your idea and the total number of votes received, as per this announcement.
You can always post a new idea with all the details required in the form.
Thank you for your participation.