We configured a role ACL to read epmdocument only and not download.
In testing the role, the user accesses the CAD doc and there is a fail notice, yet the CAD doc is added to workspace with errors (see attachment)
We think it would make sense (and make better security) if nothing (including the metadata) is downloaded in a workspace if the user doesn’t have download rights.
I agree that this makes sense, but may be a little bit challenging to implement.
System has to first determine for each model / drawing requested:
- what is correct version per selected config spec (latest, as stored, baseline, etc.)
- does user have READ for that version at its current state; if not repeat for next latest version
Then, if you're using replication:
- where is the file to be pulled from
Essentially, it has to add one more line of process:
- Given that the user has READ access, do they also have DOWNLOAD access for this version, at its current state? If not, loop back.
Hopefully PTC will be able to implement this.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.