cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Access Policy added to Role does not apply, only to Group!

Aquamarine

Access Policy added to Role does not apply, only to Group!

Anyone seen this in WC11 M010?

If I add a policy to a Role in a container then the members of the group in that role don't get the access, if I add the same policy to the Group then they do!

Same for for OOB roles and new Roles that we have added.

I have tired at container, Org and Site policy with no luck.

I first notice this when members of a group could not see the Groups under the Roles {Says (Secured information) ]. When I allow Read for type Group for the role nothing changed, when I add it to the group then they could see the name of the Groups under the roles. Crazy.

Any ideas?

4 REPLIES 4

Re: Access Policy added to Role does not apply, only to Group!

In Policy Admin, are you for sure applying the ACLs to the "Context Team Role" on the Roles tab?  Assuming so, are the user groups mapped to that Role in the Product/Library?

Re: Access Policy added to Role does not apply, only to Group!

Hi Mike,

Yes I am sure the ACL was applied to the Role in that context as I only added that new Role to that context.I also tried it on some OOB roles just to check.

Its as if somehow the ACL is not applied to the Group thats in the Role.

Re: Access Policy added to Role does not apply, only to Group!

Definitely frustrating - have seen lots of things like this over the years.

Only other suggestions are:

- Use Manage Security a lot to track down exactly what ACL's are being applied to specific groups / users

- Remove, then re-add the ACL and see what this does (shouldn't have to do this but sometimes it lends light to the situation)

Re: Access Policy added to Role does not apply, only to Group!

Made some headway on this.

First I removed all the extra roles in the context that I was not going to use. Then I added the new Roles in ALL the context. I was then able to apply a policy to that Role and it worked. I then added a test Group to place in the role.

I also Hide all the Role I was not going to use.

For now, it seems that I can use the Org level Policy.

The one thing that makes this difficult in 11 is having Windchill find (display) the role I want to add the Policy to. You type in the name and sometimes nothing displays, I then type in another name and wait for the Advanced Search to pop up so I can type in the correct name. Chrome seems to be a bit faster at this then IE.

Announcements
LiveWorx Call For Papers Happening Now!