So, let's say I am in a fairly restrictive environment which means user do not have global read access to all data. 200+ Product contexts containing a complete list of CAD, Parts, BOMs and document content (Program data). So, when I search for things, I only get back what I currently have read access to at that time. Works as it should.
But let's say that I need to do some data mining. I am in Engineering and I am looking to see if we've done some type of analysis or a report from user X or if we solved a failure previously on an old program. This body of content has huge potential for Engineering to learn from past as opposed to people keeping it in their heads.
So, is there a way for users to search (thinking SOLR here) for content, get hits that it exists BUT prevent them accessing content directly? I understand that this does open crack in security wall for exploit, trade offs I guess. In my head I see that it says I got a hit on doc XYZ but user lacks access to it. Then they should follow proper channels to get access to what they are looking for. It might be possible with a generic login account specifically configured, for example, to prevent download but can see all meta data and indexing. Thoughts?
Provide Read access to CAD Docs but not Download.
Provide Read access to published viewables - Derived Image - so all can be viewed.
Why access to viewables? that can open up access to view prohibited content? or does that still block download in Creo view?
If you create a query builder report, you can decide to show data regardless of whether the objects are visible in contexts.
This way users can know if an object exists, and see the metadata you put in the report, but they can't access it.
We work in this way
@avillanueva , IMO @Marco_Tosin solution is the most elegant one.
you can bypass access inside the report without the user knowing.
It is just metadata and you do not expose anything else.
Just poking on the solution at bit. That would work for database attribute data but not SOLR index data. You would be limited to only fields in that report. Yes, worth exploration.
How can you get the "bypass access" control to work? I find the article 292726 difficult:
Which is the easiest option to get this working in WC12.0.2?
thanks -- Rick
You can simply edit your QML file and check if the second line starts like the one below in red
<?xml version="1.0" encoding="UTF-8" standalone='yes'?>
<qml bypassAccessControl="true" caseInsensitive="true" addTimeToDateFields="false" mainType="Part" joinModel="false" xsi:noNamespaceSchemaLocation="qml.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
We have several QB reports like that but it does not work. Probably because we have not enabled a group to use that. We have not configured advanced reports as described in the article. Which is the easiest way to get this working?
cheers -- Rick
Here an example on how to create a group to edit QB reports
Most of our reports were created at Organization level and very few at Site