cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Visit the PTCooler (the community lounge) to get to know your fellow community members and check out some of Dale's Friday Humor posts! X

Translate the entire conversation x

Creating an Site/org admin with no data access

avillanueva
23-Emerald I
23-Emerald I
‎Mar 04, 2010 06:07 PM
‎Mar 04, 2010 06:07 PM

Creating an Site/org admin with no data access

I am wondering if its possible to create a Site and/or Org admin that is
not able to view product or project data or even the products and
projects at all. Typically, if you are an admin, you can view all
information, right? I am looking to configure an admin who can do the
high level work but not necessary view information that is being
generated at the lower level. Is there anything special to setup or
will this not work?

Labels:
0 Kudos
Notify Moderator
2 REPLIES 2
MikeLockwood
22-Sapphire I
22-Sapphire I
(To:avillanueva)
‎Mar 04, 2010 06:12 PM
‎Mar 04, 2010 06:12 PM

We have the same desire - haven't yet found a way.
0 Kudos
Notify Moderator
RussPratt
8-Gravel
8-Gravel
(To:avillanueva)
‎Mar 05, 2010 10:29 AM
‎Mar 05, 2010 10:29 AM

Try the following,

Create a new site admin user (please don't mess with wcadmin, or you may get into a spot you cannot readily recover from), remembering to add that user to the Administrators Group.

Create Deny Read rules in the Org Default Domain, and possibly the Org Private domain, for the objects; Project2, Library and PDMProduct. This will "hide" the application contexts themselves.

Create Deny Read rules in the Org Default and Private domains for the business objects; docs, parts, etc. that you do not want the admin to read. Don't use WTObject, or you may well get behavior you don't want.

You may have to vary the exact domains in which you create the deny rules depending on whether you want the site admin to also act as org admin. The example given may be overly restrictive for an org admin, but you could move the rules down a domain level.

Keep in mind though, that there may be some administrative UI's which still expose the application contexts to some degree. Policy Admin comes to mind.

Again, do NOT restrict the primary admin user, wcadmin, in this manner or you will find yourself in trouble at some point in time.

0 Kudos
Notify Moderator
Announcements

Contact Community Management
Top Tags