Delete ACL applies to all except participant by delete acl utility.java
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
Delete ACL applies to all except participant by delete acl utility.java
Version: Windchill 12.0
Use Case: Delete the ACL in domain by using Utility by running windchill command in shell
Description:
Hi,
we had a utility for deleting ACL, we are using this for deleting ACL from backend in various domains.
that utility is deleting Group assigned ACL and Role assigned ACL, but it is not deleting ACL which is group assigned ACL applies to "All except participant" principal.
when we tried to run ACL delete utility, it is returning error for above applies to "All except participant". error message is "Resource bundle/Message key = wt.access.accessResource/38".
I need a suggestion on this to how to solve this and how can i change or implement the logic to delete the ACL which is applies to "all except participant" and have absolute deny permission sets by this utility.
Used API is:
AccessControlHelper.manager.deleteAccessControlRule(localAdminDomainRef, objType, localState,
localWTPrincipalReference, false);
getting logs from my delete utility where it fails:
deleteACL |
ALL Parrameters :wt.fc.WTObject |
sLCState: ALL |
localState :null |
localWTContainerRef :Common_Startmodels |
localAdminDomainRef :Hairpins |
Get Internal Role or Group Name |
groupForName = EPT Startmodels Hairpins SF Pool Grp |
localWTPrincipalReference :EPT Startmodels Hairpins SF Pool Grp |
ERROR: Couldn't find rule! Message: Resource bundle/Message key = wt.access.accessResource/38 |
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
I got the usage of API of this delete AccessControlRule:
AccessControlHelper.manager.deleteAccessControlRule(localAdminDomainRef, objType, localState,
localWTPrincipalReference, false);
here in above false represents allExceptprincipal is false.
for deleting all except participant ACL, we need to use true in place of false
AccessControlHelper.manager.deleteAccessControlRule(localAdminDomainRef, objType, localState,
localWTPrincipalReference, true);
but for this, i need to get the ACL, if it had allExceptPrincipal is true or false, as per this, we need specific logic to use above API.
AccessControlHelper.manager.getAccessControlRule(localAdminDomainRef, objType, localState,
localWTPrincipalReference, boolean)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
Are you using the GUI or a command line to do the deletion? How many ACL lines in total do you have to delete?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
by command line.
in windchill shell, we are using "windchill ext.org.utility.ACLUtility <adminusername> <adminpassword> <inputfilelocationpath>
like this and all the loggers, i am using csv to append in java it will give me the csv with logs in windchill temp location.
whatever above you seen the table, that are from CSV output of utility.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
It seems to be saying that it cannot find the ACL. If there are not too many and you think its a glitch with the utility, is manual deletion possible via the GUI?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
Yes @avillanueva , By UI, we can delete the ACL in Policy administration but i need utility to delete and the utility should work on ACL deletion.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
This article appears to match your issue. I would do a select first to see what the record says, follow normal BP like backing up when doing SQL edits:
https://www.ptc.com/en/support/article/CS317068?source=search
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
in my DB, WTAclEntry table had allExceptPrincipal column have 0 and 1 values, not Null.
as per article resolution, i run the query: "update WTAclEntry set allExceptPrincipal=0 WHERE trim(allExceptPrincipal) IS NULL;"
it was not successful. i am getting "
Msg 8116, Level 16, State 1, Line 8
Argument data type tinyint is invalid for argument 1 of Trim function."
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
The "trim" function specific to string values and [at least in SQL Server] you are dealing with a "tinyInt" column that cannot be NULL. Look at the table columns using SSMS:
To confirm no NULL values via TSQL query...
select distinct allExceptPrincipal from WTAclEntry;
If it returns a NULL value, then set NULL values to zero with one of the following and then validate there are no NULL values.
update WTAclEntry set allExceptPrincipal=0 WHERE allExceptPrincipal IS NULL;
OR
update WTAclEntry set allExceptPrincipal=0 WHERE not allExceptPrincipal=1;
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
i run the queries, but nothing worked, utility not able to delete the existing ACL which is allExceptParticipant acl.
after db update, need to take restart of windchill?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
Not 100% certain. At least some ACL information is cached, so a restart of Windchill may be required.
Did you have any NULL values prior to updating the column values?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
No, NULL values are not shown on distinct query.
take the restart of windchill and again run the utility, still got the same error: wt.access.assessResource/38
API= AccessControlHelper.manager.deleteAccessControlRule(localAdminDomainRef, objType, localState,
localWTPrincipalReference, false).
is there any other API is there for delete access control rule. if there please provide me.
thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
If there weren't NULL values then the issue described in that knowledge base article CS317068 is not your issue.
In a non-production environment with a recent restore point...
Determine how many ACLs are assigned allExceptParticipant=1 and if you need to remove them or not.
If removing all of them, try to set their values to 0 and then programmatically remove them again.
update WTAclEntry set allExceptPrincipal=0 WHERE not allExceptPrincipal=1;
If it works, maybe your Java program could be updated to make this change before trying to delete the existing ACLs.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
Hello @Akash.S_121,
It looks like you have some responses from some community members. If any of these replies helped you solve your question please mark the appropriate reply as the Accepted Solution.
Of course, if you have more to share on your issue, please let the Community know so other community members can continue to help you.
Thanks,
Vivek N.
Community Moderation Team.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
I got the usage of API of this delete AccessControlRule:
AccessControlHelper.manager.deleteAccessControlRule(localAdminDomainRef, objType, localState,
localWTPrincipalReference, false);
here in above false represents allExceptprincipal is false.
for deleting all except participant ACL, we need to use true in place of false
AccessControlHelper.manager.deleteAccessControlRule(localAdminDomainRef, objType, localState,
localWTPrincipalReference, true);
but for this, i need to get the ACL, if it had allExceptPrincipal is true or false, as per this, we need specific logic to use above API.
AccessControlHelper.manager.getAccessControlRule(localAdminDomainRef, objType, localState,
localWTPrincipalReference, boolean)