cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

We are happy to announce the new Windchill Customization board! Learn more.

AdHoc ACL

aachanta
13-Aquamarine

AdHoc ACL

Hi All,

Please answer my questions below on ACL's

1. What is the difference between an ACL and an Adhoc ACL ?

2. How do we enable Adhoc ACL's ? Like we will have to configure the system in such a way where within one organization we will have to allow authorized users to define Adhoc ACL's for all products and libraries. So how do we implement it ? Can you please let me know regarding the same ?


Thanks in advance.


Best Regards,

Aditya Achanta

1 ACCEPTED SOLUTION

Accepted Solutions
doehr
1-Newbie
(To:satre-2)

And again, to my previous point...you won't be able to see these custom changes to access on a system-wide scale. For example, if you had defined the access rules for a particular context team role to never allow them to Revise a Part due to company policies, yet in one context someone reversed that for that role and subsequently people in that role started causing problems...you wouldn't know that access hole existed unless you remembered to manually dig through the system.

Honestly the most stable configuration you can have is the following:

-Define, by context team role, all of the allowed access

-If a particular user or group needs better access than they currently have in a specific context, just switch their role. That way everyone can tell at a glance what access they have if the role is understood, and you have system-wide consistency.

Daryl

View solution in original post

3 REPLIES 3
doehr
1-Newbie
(To:aachanta)

Hi there,

Adhoc ACLs get programmed within the Lifecycle Templates of the objects in the Access tab. And honestly, my recommendation is to NEVER EVER USE THEM. You will never be able to see them all for the various objects within one function, unlike in the Policy Administrator function where you can configure ACLs for everything in the system in one spot. It makes it far, far easier to manage. Also note that the access control has a bottom-up hierarchy; rules at a lower layer override higher layers, and if you put rules in at the Context level not only will you not be able to change them en-masse (you'll have to go into each context one by one to alter them) you won't be able to see them all.

Try to restrict your access rules to the Site, Org and perhaps PDM levels.

Daryl

satre-2
1-Newbie
(To:doehr)

Ad-hoc permission can be granted from manager security. You can grant all permission you have to someone else on any given object (not for object type) if you have change permission on object.

There is one preferment which control which permission can be granted ad-hoc from manage security.

Preference Management > Security > Access Permission Configuration

Thanks

Shreyas

doehr
1-Newbie
(To:satre-2)

And again, to my previous point...you won't be able to see these custom changes to access on a system-wide scale. For example, if you had defined the access rules for a particular context team role to never allow them to Revise a Part due to company policies, yet in one context someone reversed that for that role and subsequently people in that role started causing problems...you wouldn't know that access hole existed unless you remembered to manually dig through the system.

Honestly the most stable configuration you can have is the following:

-Define, by context team role, all of the allowed access

-If a particular user or group needs better access than they currently have in a specific context, just switch their role. That way everyone can tell at a glance what access they have if the role is understood, and you have system-wide consistency.

Daryl

Top Tags