cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

How do I ensure the MFG Team views only Released Drawings

svs
Level 1

How do I ensure the MFG Team views only Released Drawings

I need to ensure the MFG Team views only Released Drawings . I modified the Lifecycle state's Access Control and unchecked all permissions for Released State for MFG team . But the policies aren't taking effect

Tags (1)
11 REPLIES 11

Re: How do I ensure the MFG Team views only Released Drawings

Hi

as OOTB all team memebers has Read permission for release object, you have to overide the same by dening the permission against of MFG Role in ACL.

MKR

Re: How do I ensure the MFG Team views only Released Drawings

You can check the Access Information Table via Manage Security to find out why a group still has access to the objects:

Select Actions > Manage Security

Add the principal to the list via the "+" button

Click on the info icon to open the "Access Information" table

7-29-2013+6-02-28+PM.png

Update the permissions/policies listed accordingly to get the desired level of access.

Refer to Access Information Page topic in the Windchill Help Center for more information

Re: How do I ensure the MFG Team views only Released Drawings

Hi Sriram,

Were you able to get what you needed working? We did this by creating a MFG role in the Product/Project. We then created a MFG group for the team members who are only suppose to view drawings at a certain lifecycle state, and added that group to the MFG role (this is defined in the template for any new products/projects as well).

In the Policy Administrator (Site -> Utilities -> Policy Administrator) we set rules to allow access to objects by their role and by lifecycle state. We edited the default rule giving read access to all, and instead only give read access to all users where the life cycle state = Released. Other roles are granted access to objects at other states as needed. For example, engineers have full access to all items at all roles except released. At released they can read and revise. Buyers have read access to all items at prototype, pre-release, release, and change pending.

Let me know if you need any help with this.

Thanks,

Micah

Re: How do I ensure the MFG Team views only Released Drawings

Traditionally you need to redesign the Access Controls;

PTC's out of the box Access Controls have teamMember that you need to delete.

1. Delete OOTB teamMember ACL against EPMDocuments

2. Make A New Role such as ViewReleasedCAD; Set ACLs for Read or Read/Download for State such as Released for EPMDoc

3. Add Groups to Role per COntext.

Pretty Much a standard Procedure for every customer

Re: How do I ensure the MFG Team views only Released Drawings

Hi Sriram,

You can achieve this by the followin steps:

1) Pool the specific MFG users to a User group.

2) Go to "Security" in Org Utilities and enable Folder domain display to YES.

3) Create a Domain and rule the policy administration for the following two conditions:

> The EPM Document object should carry "Deny" permission for all the listed actions under "In Work" State.

> The EPM Document object should be given "Read" Permissiono alone for the "Released" State.

4) Once when you had created the above policy now go to the folders where you need to apply this policy rule - Right click - Edit - Uncheck the Inherit Domain option - Click on Find and select the domain & policy rule that you had created in the above step and click "OK"

and DONE..

Hope this helps!

regards,

Amarkarthi

Re: How do I ensure the MFG Team views only Released Drawings

I'm partial but Brian is right here. Deny permissions should be used with caution and can easily be avoided in this scenario via removing 3 ACL's for the Teammembers role that come with EPMDocuments in the General Template. Then your users ACL's start from a somewhat blank slate with no granted permissions but also none denied. This is ideal.

Re: How do I ensure the MFG Team views only Released Drawings

Sriram,

Were you able to get this resolved?

Re: How do I ensure the MFG Team views only Released Drawings

I am very interested in this topic, but @LoriSood I can't seem to find Actions > Manage Security 

We need to restrict access to non Released objects to folks outside Engineering, but I'm having some difficulty.  
Our set up is on the cloud and I don't have complete admin access. Could you assist and point me in the right direction?

 

James Hall
PLM Administrator
Swisslog Healthcare (North America)
Windchill 11.0 M030 CPS09
WGM 11.0 M030
Inventor Pro 2017
Windows 10
SAP Version 7400.3.10.1126

Re: How do I ensure the MFG Team views only Released Drawings

In WC11, open the folder you have files in and then Actions - Edit Access Control.

You can also do this at a grander level from Utilities - Policy Administration.