Deny WTDocument, but Grant to a Soft Type?

sdrzewiczewski · ‎May 28, 2009

If you use a deny permission (not a best practice, I know..., but
works for our specific situation) on WTDocument, but you want the
grant a permission to one of the Soft Types, is that possible? I'm not
thinking that it is, or it's not that apparent to me how to configure
to work.

Thanks,
Steve D.

MikeLockwood · ‎May 28, 2009

Another example of why this is THE ULTIMATE puzzle in the system.

The way around this we've found is to isolate one element other than Type. Make the context Private so it doesn't inherit ACL's for the parent type, and/or make the Group separate from those to whom the DENY applies.

dwilliams · ‎May 28, 2009

We ran into this need awhile back.

We ended up granting read and modify permissions to the WTDocument, and added the Create permission on the soft type.

HugoHermans · ‎May 29, 2009

I've noticed that permissions on workflow level overrule permissions in
the ACL's. So, if someone is denied delete permission through ACL, but
'granted' via the workflow, he will have delete permission.

Hugo.

JeffZemsky · ‎May 29, 2009

Prior to 9.x you can set a wt.properties setting to remove types from pickers - here is a TAN showing this

http://www.ptc.com/appserver/cs/view/solution.jsp?n=137457

9.x on you can make the type instantiable

If you use a deny permission (not a best practice, I know..., but
works for our specific situation) on WTDocument, but you want the
grant a permission to one of the Soft Types, is that possible? I'm not
thinking that it is, or it's not that apparent to me how to configure
to work.

Thanks,
Steve D.

Jeff -

JeffZemsky · ‎May 29, 2009

Sorry - I meant you can remove the instantiable flag in Type Manager

In Reply to Jeff Zemsky:

Prior to 9.x you can set a wt.properties setting to remove types from pickers - here is a TAN showing this
http://www.ptc.com/appserver/cs/view/solution.jsp?n=137457
9.x on you can make the type instantiable
If you use a deny permission (not a best practice, I know..., but
works for our specific situation) on WTDocument, but you want the
grant a permission to one of the Soft Types, is that possible? I'm not
thinking that it is, or it's not that apparent to me how to configure
to work.

Thanks,
Steve D.
Jeff -

Jeff Zemsky
-

sdrzewiczewski · ‎Jun 01, 2009

Thanks to all that replied. Right now alot of our permissions are granted through teamMembers. We're in the process of bringing some outside people in to our system, so we want to show them some of the soft types of WTDocs but not all WTDocs.

What I came up with as a workaround is to remove some of the teamMembers rules so the new Role doesn't get these rules, and add them to a role called Members, that all internal users are part of. Then the discipline roles like Mech. Eng, Elec Eng, etc get more specific rules and our external users are part of Members so they have a much more limited set of permissions.