Community Tip - Did you know you can set a signature that will be added to all your posts? Set it here! X

Delete ACL applies to all except participant by delete acl utility.java

Akash.S_121
10-Marble

Delete ACL applies to all except participant by delete acl utility.java

Version: Windchill 12.0

 

Use Case: Delete the ACL in domain by using Utility by running windchill command in shell


Description:

Hi,

we had a utility for deleting ACL, we are using this for deleting ACL from backend in various domains.

that utility is deleting Group assigned ACL and Role assigned ACL, but it is not deleting ACL which is group assigned ACL applies to "All except participant" principal.

 

when we tried to run ACL delete utility, it is returning error for above applies to "All except participant". error message is "Resource bundle/Message key = wt.access.accessResource/38".

I need a suggestion on this to how to solve this and how can i change or implement the logic to delete the ACL which is applies to "all except participant" and have absolute deny permission sets by this utility.
Used API is: 

AccessControlHelper.manager.deleteAccessControlRule(localAdminDomainRef, objType, localState,

localWTPrincipalReference, false);

getting logs from my delete utility where it fails:

deleteACL
ALL Parrameters :wt.fc.WTObject
sLCState: ALL
localState :null
localWTContainerRef :Common_Startmodels
localAdminDomainRef :Hairpins
Get Internal Role or Group Name
groupForName = EPT Startmodels Hairpins SF Pool Grp
localWTPrincipalReference :EPT Startmodels Hairpins SF Pool Grp
ERROR: Couldn't find rule! Message:  Resource bundle/Message key = wt.access.accessResource/38
ACCEPTED SOLUTION

Accepted Solutions

I got the usage of API of this delete AccessControlRule:

AccessControlHelper.manager.deleteAccessControlRule(localAdminDomainRef, objType, localState,

localWTPrincipalReference, false);

here in above false represents allExceptprincipal is false.

for deleting all except participant ACL, we need to use true in place of false

AccessControlHelper.manager.deleteAccessControlRule(localAdminDomainRef, objType, localState,

localWTPrincipalReference, true);

but for this, i need to get the ACL, if it had allExceptPrincipal is true or false, as per this, we need specific logic to use above API.

AccessControlHelper.manager.getAccessControlRule(localAdminDomainRef, objType, localState,

localWTPrincipalReference, boolean)

 

 

 

View solution in original post

13 REPLIES 13
avillanueva
22-Sapphire II
(To:Akash.S_121)

Are you using the GUI or a command line to do the deletion? How many ACL lines in total do you have to delete?

by command line. 
in windchill shell, we are using "windchill ext.org.utility.ACLUtility <adminusername> <adminpassword> <inputfilelocationpath>
like this and all the loggers, i am using csv to append in java it will give me the csv with logs in windchill temp location.
whatever above you seen the table, that are from CSV output of utility.

avillanueva
22-Sapphire II
(To:Akash.S_121)

It seems to be saying that it cannot find the ACL. If there are not too many and you think its a glitch with the utility, is manual deletion possible via the GUI?

Yes @avillanueva , By UI, we can delete the ACL in Policy administration but i need utility to delete and the utility should work on ACL deletion.

avillanueva
22-Sapphire II
(To:Akash.S_121)

This article appears to match your issue. I would do a select first to see what the record says, follow normal BP like backing up when doing SQL edits:

https://www.ptc.com/en/support/article/CS317068?source=search

 

in my DB, WTAclEntry table had allExceptPrincipal column have 0 and 1 values, not Null.
as per article resolution, i run the query: "update WTAclEntry set allExceptPrincipal=0 WHERE trim(allExceptPrincipal) IS NULL;"

it was not successful. i am getting "

Msg 8116, Level 16, State 1, Line 8
Argument data type tinyint is invalid for argument 1 of Trim function." 

The "trim" function specific to string values and [at least in SQL Server] you are dealing with a "tinyInt" column that cannot be NULL.  Look at the table columns using SSMS:

mmeadows3_0-1736420415734.png

 

To confirm no NULL values via TSQL query...

select distinct allExceptPrincipal from WTAclEntry;

mmeadows3_1-1736420610317.png

 

If it returns a NULL value, then set NULL values to zero with one of the following and then validate there are no NULL values.
update WTAclEntry set allExceptPrincipal=0 WHERE allExceptPrincipal IS NULL;

OR

update WTAclEntry set allExceptPrincipal=0 WHERE not allExceptPrincipal=1;

 

i run the queries, but nothing worked, utility not able to delete the existing ACL which is allExceptParticipant acl.
after db update, need to take restart of windchill?

Not 100% certain.  At least some ACL information is cached, so a restart of Windchill may be required.

 

Did you have any NULL values prior to updating the column values?

No, NULL values are not shown on distinct query.
take the restart of windchill and again run the utility, still got the same error: wt.access.assessResource/38
API= AccessControlHelper.manager.deleteAccessControlRule(localAdminDomainRef, objType, localState,

localWTPrincipalReference, false).
is there any other API is there for delete access control rule. if there please provide me.

thanks.

If there weren't NULL values then the issue described in that knowledge base article CS317068 is not your issue.

 

In a non-production environment with a recent restore point...

 

Determine how many ACLs are assigned allExceptParticipant=1 and if you need to remove them or not.

If removing all of them, try to set their values to 0 and then programmatically remove them again.

update WTAclEntry set allExceptPrincipal=0 WHERE not allExceptPrincipal=1;

If it works, maybe your Java program could be updated to make this change before trying to delete the existing ACLs.

 

 

Hello @Akash.S_121

 

It looks like you have some responses from some community members. If any of these replies helped you solve your question please mark the appropriate reply as the Accepted Solution. 

Of course, if you have more to share on your issue, please let the Community know so other community members can continue to help you.

Thanks,
Vivek N.
Community Moderation Team.

I got the usage of API of this delete AccessControlRule:

AccessControlHelper.manager.deleteAccessControlRule(localAdminDomainRef, objType, localState,

localWTPrincipalReference, false);

here in above false represents allExceptprincipal is false.

for deleting all except participant ACL, we need to use true in place of false

AccessControlHelper.manager.deleteAccessControlRule(localAdminDomainRef, objType, localState,

localWTPrincipalReference, true);

but for this, i need to get the ACL, if it had allExceptPrincipal is true or false, as per this, we need specific logic to use above API.

AccessControlHelper.manager.getAccessControlRule(localAdminDomainRef, objType, localState,

localWTPrincipalReference, boolean)

 

 

 

Announcements


Top Tags