Need the ability to suppress the visibility of a published drawing viewable based the user's access

This is not possible when all of the assembly objects are published into a single representation.  To get around this, switch your assembly publishing to use positioning assemblies (or extended positioning assemblies).  Once you do, each file will be individually loaded into Creo and files the user doesn't have access to simply won't appear.

The assemblies are currently being published as positioning assemblies.  This has addressed the issue with the viewables associated with the assembly.  The problem that I am trying to address is that the drawing of the assembly is published as a pdf, and when the pdf is generated it shows all the assembly objects the user checking it in has access to.  Ideally the behavior would be the same as when a user checks out the drawing and views it in Creo, where they only see the components in the drawing they have access to.  Unfortunately, since the pdf is static, that isn't possible, but I am looking for a way to prevent a user from seeing the published pdf if they don't have access to the entire assembly.

Ah, okay.  Apparently I didn't read the idea carefully enough the fist time.  So you want the ability to control access to representations (and additional files) based on the user's combined permissions to all of the object's other dependencies.  Seems like that type of complex permissions query every time someone accessed a file would be difficult and really slow the system down.  Imagine having to check the permissions on 50,000 objects prior to being able to open one drawing...

This has been discussed in the TC's for several years.  There are many companies that have a use case where the representation (thumbnail or full representation) should have different permissions than the meta data on the object.  Think of this as the relationship to read an object v.s. download.  I may have the permission to read the information page but does that always mean I have the permission to access the published content?  What about life cycle state as well, read at In-Work but access to the publishable only at released.

Can this be addresses by using Security Labels on your files and viewables with user permission groups?

No.  A Security Label is a go/no go test before the access controls are assessed.  So either I pass or fail to pass the label, there is no condition on passing (e.g., pass to see info page only or pass to see primary content).  I have heard of companies creating a custom solution for this but the access permissions to the viewables is not addressed OOTB (e.g., in the domain access controls, ad hoc access controls, or in security labels).  Interestingly I can limit the access to attributes by configuring a profile to a group, but there is no such thing for the viewable.  It seems an over site in the design of Windchill that I can limit access to an attribute but must allow those with Read access to use the viewable (e.g., PDF of a document, CAD viewable, etc.) which provides lots of information an attribute would not.

Hello,

We are archiving your idea as part of a general review. This action is based on the age of your idea and the total number of votes received, as per this announcement.

You can always post a new idea with all the details required in the form.

Thank you for your participation.