cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Guest and Another Role in Product Context - Are these mutually exclusive?

Regular Member

Guest and Another Role in Product Context - Are these mutually exclusive?

Currently we have an org level group that we gave read & download access andthe ability tosearch/find objects in all Products. However, if they search for an object that is in a Product where they are not a member, they cannot identify the context of the found object. Therefore, we were planning on adding the group as a Guest in the Product template so that all group members would be a Guest in any Product container. Unfortunately, this has resulted in an issue. These users are now unable to create objects in any Product that they are a member even though they have permissions via the ACLs(i.e. they have a team role, like Designer, in the Product). It seems that whatever constraints are placed on the Guest Role native in Windchill viathe role actionsconfiguration are preventing the user from executing any actions that his other role should allow (i.e. Create Documents or Problem Reports). Can a member also be a Guest and not lose permissions? Our fall back is to add this group to all products as a Member but this adds all products to the usersfull list display of products.

TIA,
Mark Bohannon
3 REPLIES 3

Guest and Another Role in Product Context - Are these mutually exclusive?

We have this setup exactly like this in 8. No issues. Did you use deny rights?

Guest and Another Role in Product Context - Are these mutually exclusive?

This worked fine for us in 8 but the ACL resolution order of precedence
changed in 9. We have this exact problem and are trying to come up with
a solution for our upgrade to 9. In our production 8 system, we have
most users in a group that is assigned to the Guest role on most
products. This allows them read/search access across most products. We
then assign individual users to the Member role in a product to grant
them create/update permissions. In 8 being assigned as both a Guest and
Member will grant the permissions of the Member (or the highest access
role assigned). However, in 9 this is reversed! When assigned in both
roles the lowest access is granted, so even though they are assigned as
a Member they still only get Guest permission. This is huge for us to
overcome for our upgrade to 9. We still don't have a good solution. Why
was this changed from 8 to 9? We have not been able to find any
documentation related to this. Our support call resulted in a "that's
the way it's supposed to work".

Please share ideas of how to get around this.

Debbie

Highlighted

Guest and Another Role in Product Context - Are these mutually exclusive?

Folks,



As of 9.0 F000, the behavior of the Guest role did change from being a
"base set" of permissions to being a "limiting set" of permissions.
This was done as part of a re-factoring effort, but it means that
members of the Guest role in 9.0 F000 are limited by the code to read
only access.



As of 9.0 M060, this behavior will be changing back to the 8.0 behavior.
Members of both Guest and some other role will once again get the
combined set of permissions rather than being limited to Read. For
those interested, the SPR is 1454794.



Regards,

=MrK






Announcements
LiveWorx Call For Papers Happening Now!