Community Tip - Stay updated on what is happening on the PTC Community by subscribing to PTC Community Announcements. X
Does anyone here know how I give a user access to add/remove users to Groups in PDMLink without being an Org Admin or Administrator in Windchill PDMLink ?
I am also intrested in giving a user access to run reports in the Security Audit Reporting without being an Org Admin or Administrator in Windchill PDMLink ?
I've been told by PTC "Not part of Windchill PDMLink functionality".
Windchill 11.1 M020-CPS16
Solved! Go to Solution.
How closely does this article address your first question?
https://www.ptc.com/en/support/article/CS55713
No on the first one since you need to see the org or site icons to admin.
This article discusses how to give access for users to run reports:
https://www.ptc.com/en/support/article/CS292726?source=search
Avillanueva,
Thank you for your response.
1/That’s a shame, I was hoping I could set a few users as org admins but then also add them into another group, which I would then restrict from doing anything other than modifying the org level groups. I wasn’t sure if it was possible so thought I ask, maybe someone had already done something similar?
Would users need to see the org/site icons if we provided them with a direct URL link to the Org groups tab?
2/It's the security audit reports page, not the Report Builder I was referring to (see attached). I want to provide another group of users access to be able to generate their own security audit reports; for example, running a report of who accessed a particular document.
Hi
yeah already avillanueva told correct , otherwise the system admin (IT person) provide access for AD group(active directory) or directory server.
Thanks
Sarathkumar M
Hi Sarathkumar, Please see my reply to Avillanueva. Do you mean I setup access (ACL policy in policy admin) for the group ?
Hi Hussain,
do you need access this windchill directory or active directory for AD , but you need access those.
or for example
Thanks
I wonder if this could be done with a workflow.
I would try creating a document subtype that upon creation would initiate the workflow. Restrict access to the document creation to only those users who should be authorized. In the workflow, maybe you could use setup participants tasks to select users / groups? The action of adding/removing the users could then be performed by the workflow using the admin account.
As a plus, the document subtype would be a handy record of all changes performed that way.
Hi Joe, We’ve done similar with workflows; for example, allowing users with a Workflow Task ad-hoc access to modify locked-down documents and parts within a library container, but not tried doing this for groups at org level.
However, I do want to audit the changes to the Org groups in the future, so the admin account performing the adding/removing users will mean I lose this ability, since the admin account would be the only account recorded in the auditrecord table. Many Thanks.
How closely does this article address your first question?
https://www.ptc.com/en/support/article/CS55713
Thanks mmeadows. I think the article you pointed me to is the closest match to what I am trying to achive. Many Thanks.
You can give a user permissions to edit groups with an acl policy but you would also need to limit the permission to certain groups, otherwise they can easily add themselves to admin groups which would defeat the purpose because they could easily just add themselves to orgadmin etc, so move the groups that they are allowed to edit to another domain within the current one.