cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

We are happy to announce the new Windchill Customization board! Learn more.

Access Policy added to Role does not apply, only to Group!

lgrant
14-Alexandrite

Access Policy added to Role does not apply, only to Group!

Anyone seen this in WC11 M010?

If I add a policy to a Role in a container then the members of the group in that role don't get the access, if I add the same policy to the Group then they do!

Same for for OOB roles and new Roles that we have added.

I have tired at container, Org and Site policy with no luck.

I first notice this when members of a group could not see the Groups under the Roles {Says (Secured information) ]. When I allow Read for type Group for the role nothing changed, when I add it to the group then they could see the name of the Groups under the roles. Crazy.

Any ideas?

4 REPLIES 4
MikeLockwood
22-Sapphire I
(To:lgrant)

In Policy Admin, are you for sure applying the ACLs to the "Context Team Role" on the Roles tab?  Assuming so, are the user groups mapped to that Role in the Product/Library?

lgrant
14-Alexandrite
(To:MikeLockwood)

Hi Mike,

Yes I am sure the ACL was applied to the Role in that context as I only added that new Role to that context.I also tried it on some OOB roles just to check.

Its as if somehow the ACL is not applied to the Group thats in the Role.

MikeLockwood
22-Sapphire I
(To:lgrant)

Definitely frustrating - have seen lots of things like this over the years.

Only other suggestions are:

- Use Manage Security a lot to track down exactly what ACL's are being applied to specific groups / users

- Remove, then re-add the ACL and see what this does (shouldn't have to do this but sometimes it lends light to the situation)

lgrant
14-Alexandrite
(To:lgrant)

Made some headway on this.

First I removed all the extra roles in the context that I was not going to use. Then I added the new Roles in ALL the context. I was then able to apply a policy to that Role and it worked. I then added a test Group to place in the role.

I also Hide all the Role I was not going to use.

For now, it seems that I can use the Org level Policy.

The one thing that makes this difficult in 11 is having Windchill find (display) the role I want to add the Policy to. You type in the name and sometimes nothing displays, I then type in another name and wait for the Advanced Search to pop up so I can type in the correct name. Chrome seems to be a bit faster at this then IE.

Top Tags