cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Did you get an answer that solved your problem? Please mark it as an Accepted Solution so others with the same problem can find the answer easily. X

How to give a user access to Groups in PDMLink without being an Org Admin or Administrator

WajidHussain
6-Contributor

How to give a user access to Groups in PDMLink without being an Org Admin or Administrator

Does anyone here know how I give a user access to add/remove users to Groups in PDMLink without being an Org Admin or Administrator in Windchill PDMLink ? 

 

I am also intrested in giving a user access to run reports in the Security Audit Reporting without being an Org Admin or Administrator in Windchill PDMLink ?

 

I've been told by PTC "Not part of Windchill PDMLink functionality".

 

Windchill 11.1 M020-CPS16

 

 

 

ACCEPTED SOLUTION

Accepted Solutions

How closely does this article address your first question?

https://www.ptc.com/en/support/article/CS55713

 

View solution in original post

10 REPLIES 10

No on the first one since you need to see the org or site icons to admin. 

This article discusses how to give access for users to run reports:

https://www.ptc.com/en/support/article/CS292726?source=search

 

Avillanueva,
Thank you for your response.
1/That’s a shame, I was hoping I could set a few users as org admins but then also add them into another group, which I would then restrict from doing anything other than modifying the org level groups. I wasn’t sure if it was possible so thought I ask, maybe someone had already done something similar?
Would users need to see the org/site icons if we provided them with a direct URL link to the Org groups tab?
2/It's the security audit reports page, not the Report Builder I was referring to (see attached). I want to provide another group of users access to be able to generate their own security audit reports; for example, running a report of who accessed a particular document.

Hi 

yeah already avillanueva  told correct , otherwise the system admin (IT person) provide access for AD group(active directory) or directory server.

 

Thanks

Sarathkumar M

Sarathkumar M

Hi Sarathkumar, Please see my reply to Avillanueva.  Do you mean I setup access (ACL policy in policy admin) for the group ?

Hi Hussain,

 

do you need access this windchill directory or active directory for AD , but you need access those.

Sarathkumar_M_5-1707550475673.png

 

or for example 

Sarathkumar_M_4-1707550262720.png

Thanks

 

 

 

 

Sarathkumar M

I wonder if this could be done with a workflow.

 

I would try creating a document subtype that upon creation would initiate the workflow. Restrict access to the document creation to only those users who should be authorized. In the workflow, maybe you could use setup participants tasks to select users / groups? The action of adding/removing the users could then be performed by the workflow using the admin account.

 

As a plus, the document subtype would be a handy record of all changes performed that way. 

Hi Joe, We’ve done similar with workflows; for example, allowing users with a Workflow Task ad-hoc access to modify locked-down documents and parts within a library container, but not tried doing this for groups at org level.

However, I do want to audit the changes to the Org groups in the future, so the admin account performing the adding/removing users will mean I lose this ability, since the admin account would be the only account recorded in the auditrecord table. Many Thanks.

How closely does this article address your first question?

https://www.ptc.com/en/support/article/CS55713

 

Thanks mmeadows.  I think the article you pointed me to is the closest match to what I am trying to achive.  Many Thanks.

You can give a user permissions to edit groups with an acl policy but you would also need to limit the permission to certain groups, otherwise they can easily add themselves to admin groups which would defeat the purpose because they could easily just add themselves to orgadmin etc, so move the groups that they are allowed to edit to another domain within the current one.

Announcements


Top Tags