cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Access Policy Report

avillanueva
Alexandrite

Access Policy Report

I am looking for some SQL that will output a nice Access Policy report
from PDMLink 8.0. It looks like everything is in the ACCESSPOLICYRULE
table. The problem is the EntrySet column appears encoded. What I am
trying to do is check the ACLs on about 50-60 Product areas to make sure
things are consistent. If SQL is not possible, I probably can do it via
Java code but I rather not. Its just a quickie report. I will probably
want to dump it to Excel for analysis.

21 REPLIES 21

Access Policy Report

Antonio,

I have a query builder report that should give you what you are looking for. I have the criteria set to only pull the contexts with the Library or Product in the name. You may need to adjust this based on your naming convention. I have embedded this report in excel to compare access across contexts and it works great.

Hope this helps,
Dax Williams
Lifetime Products

Access Policy Report

Thanks Dax, I was able to take what you sent and rework this into an SQL
query. See if I got this right. In my case, I am using team roles which
really are groups to the system. I do not use negative rights so I did
not need to show that. Maybe in Excel I can expand the permission mask
to a more readable form. One question, you had displayed the mask as
well as a permissions column. I only saw permissions mask in the
database. What is the difference in your report?



SELECT PDMLINKPRODUCT.NAMECONTAINERINFO PRODUCTNAME,
ACCESSPOLICYRULE.CLASSNAMEA5 OBJECTTYPE, ACCESSPOLICYRULE.STATENAMEA5
STATE, WTGROUP.NAME GROUPNAME, WTACLENTRY.PERMISSIONMASK

FROM

WTACLENTRY, WTGROUP, ACCESSPOLICYRULE, PDMLINKPRODUCT,
ADMINISTRATIVEDOMAIN

WHERE

ADMINISTRATIVEDOMAIN.IDA3CONTAINERREFERENCE = PDMLINKPRODUCT.IDA2A2 AND

ACCESSPOLICYRULE.IDA3DOMAINREF = ADMINISTRATIVEDOMAIN.IDA2A2 AND

WTACLENTRY.IDA3B3 = ACCESSPOLICYRULE.IDA2A2 AND

WTGROUP.IDA2A2 = WTACLENTRY.IDA3A3


Access Policy Report

Antonio,
I have included a screenshot of the report. I am not using the permission mask. When I wrote the query, I believe I added it just in case the permissions column didn't give me the results I needed. We only use the permissions that are called out in the header. In excel, I perform a replace on those identifiers to the name of the permission.

Report Manager allows you to import and export the .qml files. If import is not available, set the wt/report/manager/showImportExport preference to "True". TPI 140320<.">https://www.ptc.com/appserver/cs/view/solution.jsp?n=/140320.htm>.

[cid:image003.jpg@01C8D2AA.89927810]

SUMMARY- Access Policy Report

Ok. The query below works and I was able to create the following pivot
table in Excel.



You can see my Product names slanted at the top. Dax, you had the
following mapping:

Permissions [-1]=Full Control [0]=Read [1]=Modify [2]=Create [5]=Delete
[7]=Revise

I am not sure I am outputting this correct since the numbers don't make
sense. It might be that this is some binary encoding. I think it gets
funny when there is more than one right per entry.


SUMMARY- Access Policy Report

Antonio,
If you use the WTAcl Entry.Permissions rather than the WTAcl EntrypermissionMask, you should be able to make sense of it all. The screenshot below shows a pivot of the report. I queried wt.doc.WTDocument and replaced the Permission identifiers with the name of the permission.

[cid:image004.jpg@01C8D2AE.F6E3DD10]

Access Policy Report

Thought I should share this to the forum in case anyone else is having an issue with the criteria.

Access Policy Report

Try changing the attribute from Administrative Domain Name to Context.Context Name (name) as shown in the attached screenshot. It appears that the Administrative Domain Name is not easily searchable.

[cid:image001.png@01C8D2EC.2F59D3B0]

RE: SUMMARY- Access Policy Report

Dax ,

I am getting the Permission identifiers for "WTAcl Entry.Permissions" column. How do we replace the Permission identifiers with the name of the permission?



Thanks,

Sanjay


RE: SUMMARY- Access Policy Report

You can also use the WinDU utility to generate Domain Policy Rules report. (Requires PDMLink 8.0 M040 or above for generating Domain Policies report)


Check the attached file for a sample.



Regards,

Prathap

In Reply to:

Dax ,

I am getting the Permission identifiers for "WTAcl Entry.Permissions" column. How do we replace the Permission identifiers with the name of the permission?



Thanks,

Sanjay


SUMMARY- Access Policy Report

Sanjay,
We import the report into excel as a web query. From there, we perform a "Find and Replace" where we replace the permission identifiers with the name of the ACL. Those identifiers map as follows:

[-1] = Full Control
[0] = Read
[1] = Modify
[2] = Create
[5] = Delete
[6] = Administrative
[7] = Revise
[8] = New View Version
[9] = Change Permissions

Hope this helps,
Dax

Access Policy Report

Hi James,
Attached is a new .qml file, which has the Context joined to the Administrative Domain. I also removed the following criteria, which is why you were not getting any results when you ran the report.

Context Name Like *Library*
Context Name Like Products*
Context Name Like MANUFACTURING EQUIPMENT

I pointed out to Antonio that this criterion would need to be modified to meet the naming convention of your company. I should have just removed it to avoid confusion.

Hope this helps,
Dax

Access Policy Report


I thought I had removed the Criteria filters but apparently I had not, because the file attached below works. I do appreciate your response.

Thanks,

James


Dax Williams <->


Dax Williams <->
07/01/2008 01:21 PMPlease respond to
Dax Williams <->
To
"James.Little@corning.com" <james.little@corning.com>, "-" <->
cc

Subject
[solutions] - RE: Access Policy Report
Hi James,
Attached is a new .qml file, which has the Context joined to the Administrative Domain. I also removed the following criteria, which is why you were not getting any results when you ran the report.

Context Name Like *Library*
Context Name Like Products*
Context Name Like MANUFACTURING EQUIPMENT

I pointed out to Antonio that this criterion would need to be modified to meet the naming convention of your company. I should have just removed it to avoid confusion.

Hope this helps,
Dax

RE: SUMMARY- Access Policy Report

Dax,

Thanks a lot for this information. It surely helps to understand the mapping for permission identifiers with name of permission.

Please refer to the attached screenshot where for the particular type it shows permission identifiers as [0, 10, 1, 11, 2] . (Highlighted in red box)


How to interpret these double digit numbers 10,11 and 12 in the permission identifiers with respect to the below mapping?


Thanks in advance,

Sanjay





Sanjay,
We import the report into excel as a web query. From there, we perform a "Find and Replace" where we replace the permission identifiers with the name of the ACL. Those identifiers map as follows:

[-1] = Full Control
[0] = Read
[1] = Modify
[2] = Create
[5] = Delete
[6] = Administrative
[7] = Revise
[8] = New View Version
[9] = Change Permissions

Hope this helps,
Dax

SUMMARY- Access Policy Report

Sanjay,
The permissions (10,11, and 12) are not available to us in 8.0 M050. Compare the output of your report to the permissions in the policy administrator to find out what these identifiers mean.

You can also look at the "access" package in Rational Rose. The WTPermission Class should show you the mappings.

">http://YourWindchillDomain/Windchill/wt/clients/library/model/cat4161adbf0321/cat336759c6031e/clas...


I would be interested in hearing what you find.

Thank you,
Dax

SUMMARY- Access Policy Report

The AccessPermission class has all of the mappings. The WTPermission class is missing a few.

RE: SUMMARY- Access Policy Report

Dax,

Thanks a lot. I could get the required information in the package.

Please find the attachment for all the permission mappings with permission identifiers.



Thanks,

Sanjay







In Reply to:

The AccessPermission class has all of the mappings. The WTPermission class is missing a few.

http://YourWindchillDomain/Windchill/wt/clients/library/model/cat4161adbf0321/cat336759c6031e/class3...

ProE embedded browser performance issue.

One of our customers rolled out Java 1.6_12 and IE8 more or less at the same
time frame and users are challenged with severe Windchill performance issue
especially with ProE embedded browser. Are there any others in the field
notice the performance issues with Java 1.6_12 or IE8. Any
insight/recommendations for tracking down/fixing the root cause is highly
appreciated.



Thanks in advance and Best Regards

Swamy Senthil

Principal Solutions Architect

909 800 8423(M); 909 389 4651(H); 973 324 2729(W); 866 908 6561(F)



ProE embedded browser performance issue.

A couple of thoughts:

1. 1.6.12 is ancient -- the latest version is 1.6.23.
* Do note, however, that all but the latest R9.1 MOR require
temp patches to work properly with 1.6.19 and higher
2. If you're looking for the root cause, then some comparison testing
is in order:
* Embedded IE8 + 1.6.12 vs. the latest supported Firefox + 1.6.12
* Embedded IE8 + 1.6.12 vs. the previously used Java Plug-In
version
* Embedded IE8 + 1.6.12 vs. 1.6.23
* etc...

--
Jess Holle

ProE embedded browser performance issue.

Jess,
Does this mean that temp patches are required to run 1.6.23 with 9.1 M050? If so, what patches are required and where do you get them?

Thanks,
Mark

RE: SUMMARY- Access Policy Report

Hello,


I woud like to share "just another access control rules report".


This can be used directly from browser and with bit of the code modification it can serve for generating the xml load files.


The report presents the data the same way as the PTC Policy Administration utility.



Pavel

RE: SUMMARY- Access Policy Report

I opened the AccessPermissionRB.rbInfo & it provided a longer list

-1.value=Full Control (All)
0.value=Read
1.value=Modify
2.value=Create

5.value=Delete
6.value=Administrative
7.value=Revise
8.value=New View Version
9.value=Change Permissions
10.value=Download
11.value=Modify Content
12.value=Change Domain
13.value=Create By Move
14.value=Change Context
15.value=Set State
16.value=Modify Identity

L Jett

Announcements