cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Your Friends List is a way to easily have access to the community members that you interact with the most! X

ACL to restrict browsing through Archives

ACL to restrict browsing through Archives

Status: Acknowledged Submitted by 11-Garnet on ‎Aug 12, 2016 08:20 AM
11 Comments (11 New)

Many projects store confidential files in Integrity Source.

Therefore access to these files has to be restricted.

Reading the file content can be restricted with the ACL permission FetchRevision.

For most projects this is not enough. Most projects want that only permitted users are allowed to navigate to confidential files.

Opening the project can be restricted with the ACL Permission OpenProject.

Unfortunately this does not work for archive.

Even one cannot access a project because he does not have the OpenProject permission, he can use "Add From Archive" to navigate through the whole Integrity archive.

 

An additional ACL permission, similar to OpenProject, but for Archives, would be very helpful.

See more ideas labeled with:
11 Comments
skamaraj
10-Marble
10-Marble
‎Aug 13, 2016 10:19 AM
‎Aug 13, 2016 10:19 AM

Hello Markus Kiessling‌,

I think you are not aware of the permission configuration for archives. It shall be possible to restrict the user/groups from "sharing the archive".

Just open the Admin Client ==> Navigate to "Configuration Management" ==> Permissions ==> Archives

Now just right click and "Create" and select the sub project under which the confidential members are available.

Now just deny the access as you require,

ArchiveAccess.png

This should work.

I hope this idea is already implemented and in use now

Regards,

Sathish

mkiessling
11-Garnet
11-Garnet
‎Aug 16, 2016 02:35 AM
‎Aug 16, 2016 02:35 AM

Hi Sathish,

thank you for your reply.

We already use Archive-ACLs. But unfortunately these permissions do not fit to our needs.

We want to prohibit navigating though the archive.

Navigating through the archive shall not be disabled for the whole repository, but on a user defined project level.

Regards

Markus

skamaraj
10-Marble
10-Marble
‎Aug 17, 2016 11:20 PM
‎Aug 17, 2016 11:20 PM

Hi Markus Kiessling‌,

Ya yes I agree your point. There is no way in preventing from navigating the archives.

But I confused why its actually needed , because even-though they could browse, its not possible to read its content (by adding the archives) / duplicate the archives. Anyway its not hidden, but somehow its protected. Its just I thought.

Regards,

Sathish

mkiessling
11-Garnet
11-Garnet
‎Aug 18, 2016 02:55 AM
‎Aug 18, 2016 02:55 AM

Hi Sathish Kumar Kamaraj‌,

our projects request this feature, because the archive names (and project structure) provide already information, which shall not be available to everyone.

E.g.

Contract_SupplierA.pdf

Application_JohnDoe.pdf

Regards

Markus

skamaraj
10-Marble
10-Marble
‎Aug 18, 2016 04:45 AM
‎Aug 18, 2016 04:45 AM

Hi Markus Kiessling‌,

That's fine. This clarified my doubt.

Regards,

Sathish

khoppe
14-Alexandrite
14-Alexandrite
‎Sep 28, 2016 08:46 AM
‎Sep 28, 2016 08:46 AM

Hello Markus,

the setting you are searching for is afaik part of the server's property file  "si.properties"

which controls on server level whether it is allowed to surf through archive directory.

I think you will find the following entry:

          # Is client allowed to surf the repository?

          si.repositoryBrowsingEnabled=true

Choosing false should prevent this for ALL.

DisadvantageSurfing isn't allowed for anyone.

MAy PTC Support knows how to better use this option ?!?

mkiessling
11-Garnet
11-Garnet
‎Oct 07, 2016 03:48 AM
‎Oct 07, 2016 03:48 AM

Hi Klaus Hoppe‌,

thank your for your hint regarding the entry in the si.properties file.

We had (before creating this idea) already contact with the PTC support.

They gave us the same hint.

Setting si.repositoryBrowsingEnabled=true would solve the use case "prevent users from browsing through the archive of other projects".

Unfortunately this option would also cause other problems.

For example reading dropped files within one project would become quite difficult, which is a significant impact to daily work.

For this reason PTC support gave us the advice "open an idea"

Regards

Markus

Siddharth
9-Granite
9-Granite
‎May 10, 2017 01:15 AM
‎May 10, 2017 01:15 AM

Markus Kiessling‌ Thanks for submitting this idea. We're currently working on introducing new web UI for Integrity Lifecycle Manager - wherein Requirements Management enhancements is first priority, with Source improvements being next. Your idea will be considered for that project !

khoppe
14-Alexandrite
14-Alexandrite
‎May 10, 2017 02:25 AM
‎May 10, 2017 02:25 AM

I would like to vote for this idea which is not possible with state "For Future Consideration".

Can you add my vote instead?

Siddharth
9-Granite
9-Granite
‎May 10, 2017 02:29 AM
‎May 10, 2017 02:29 AM

There's no way for me to mark your vote either. However, your last comment will be retained as it is - which shows you're also interested in this idea.

Siddharth
9-Granite
9-Granite
‎Jan 10, 2020 03:42 AM
‎Jan 10, 2020 03:42 AM
Status changed to: Acknowledged