cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Need to share some code when posting a question or reply? Make sure to use the "Insert code sample" menu option. Learn more! X

How do I make Windchill read only?

gchampoux
7-Bedrock
7-Bedrock
‎Sep 21, 2016 02:24 PM
‎Sep 21, 2016 02:24 PM

How do I make Windchill read only?

We are retiring Windchill Intralink 9.1 soon, and migrating to a different PDM.
However, we want to keep Windchill running as read-only for a few months in case we discover any files that were not migrated.

My first thought was to make all vaults read-only. But is that enough?

Will users still be able to revise, check-out, or promote?
All we want is for users to be able to "Add to Workspace" in Pro/E so they can export afterward.

I'm hoping to avoid using the Policy Administrator to change Domain permissions.

(It's been years since I've created/changed those.)

Gerry Champoux

Williams International

Labels:
0 Kudos
Notify Moderator
5 REPLIES 5
mdebower
18-Opal
18-Opal
(To:gchampoux)
‎Sep 21, 2016 02:38 PM
‎Sep 21, 2016 02:38 PM

Not sure this would work, but could you add everyone to a group that has restricted access?

Or create a Profile with all of the create, revise, checkout, and promote commands removed?

Use the Guest role?

Just some off the top of my head thoughts...

0 Kudos
Notify Moderator
MikeLockwood
22-Sapphire I
22-Sapphire I
(To:gchampoux)
‎Sep 21, 2016 02:44 PM
‎Sep 21, 2016 02:44 PM

Policy Administrator is not so bad for a single Rule.

At Org / PDM create a Rule that Denies everything but Read and Download to the Organization (not to a Role or Group).

Confirm by accessing some data object and running Manage Security.

Notify Moderator
gchampoux
7-Bedrock
7-Bedrock
(To:MikeLockwood)
‎Oct 21, 2016 07:58 AM
‎Oct 21, 2016 07:58 AM

Would I be correct in assuming that in this scenario, the administrator (wcadmin) would still have full access (not restricted to read/download)?

Gerry

0 Kudos
Notify Moderator
cgadre
12-Amethyst
12-Amethyst
(To:gchampoux)
‎Sep 22, 2016 04:07 AM
‎Sep 22, 2016 04:07 AM

How many products/libraries are there in migrated PDM?

Though we can use different options like Profile and access control, I would go with read, download etc permissions defined at organization level which applies to all users except Administrator (It is very important to exclude Administrators).

Let me know if you have any difficulties in setting access control.

0 Kudos
Notify Moderator
mmeadows
1-Visitor
1-Visitor
(To:gchampoux)
‎Nov 05, 2016 10:25 AM
‎Nov 05, 2016 10:25 AM

Manipulating domain policies can be a lot of 'fun'.  Mike's solution is great as long as the Windchill system follows domain policy best practices.  But there is a good chance these recommendations won't work.  It just depends on the nuances of your current business configuration.

  • Is this a multi-org implementation?
  • Is site admin unaffiliated or assigned to the organization domain?
  • Are shared teams being used?
  • Are users assigned to the organization domain or are they unaffiliated?
  • Are access permissions explicitly assigned to individual users?
  • Are ad hoc permissions assigned through life cycles or managed security?
  • ...

Unfortunately there are many ways to accidentally limit site admin's permissions while trying to limit access to everyone elseSo always configure and validate in a test environment first.


FYI: In case you discover your site admin suddenly has read-only permissions to the system, there is a Windchill property that will bypass/disable all access controls (CS20793).


0 Kudos
Notify Moderator
Announcements


Contact Community Management
Top Tags