Community Tip - You can change your system assigned username to something more personal in your community settings. X
A document ment to contain best practices on the configuration of access policies. Since this is subject to personal appreciation, professional contexts, etc, it is highly likely that this document will contain contradicting opinions. At least, when other authors add their concepts as well.
These concepts are based on my experience in Windchill 9.1 (Michel Van de Wiele), and input gathered from the PTC/User mailing list.
An important requirement is that the day-by-day users have to understand why they can or can't do or see things, and maybe even more important, that the management has an understanding of it. So, the general concept should be straight forward and generic among containers.
The general idea is that objects are always to be considered as confidential, and that actions have to be allowed explicitly.
... (to be completed)
... (to be completed)
Hi HugoHermans,
Out of curiosity, is the rest of the Concept completed...???
At our organization, we are planning to clean up our existing Product Containers and Libraries.
Your feedback will be very valuable.
Regards,
PRKAC
Hi,
That is ~10 years old ... 🙄 ... djeezes, time flyes. But I will pick it up again, and let you know.
Hugo.
Thanks alot HugoHermans:)
@PRKAC I reread it, I think it's still the way I work. Some comments:
- Concept B and Concept C were ment to be completed by someone else. Apparently, no-one took the challenge.
- For Concept A, what should be added is the organisation of the ACL domains. The top-most domain should be the most restricted one, child domains should only add grant permissions. The reason is that a deny rule is difficult to overrule in a child domain.
- From the beginning, I only allow in rare cases the possibility to move objects from container/folder to container/folder. This is because security is based on the folder were the object is located. But this also helped me to educate my users not to use Windchill as they use Windows Folders.