How to grant an Owner the ability to edit context ...

kiljaedenas · ‎Feb 03, 2014

Hi there,

In PDM 9.1 what line do I put in the Policy Administrator to allow a Context OWNER the ability to edit the members of the context team? I do not want to use one of the dynamic roles inside the context team because whoever is in that role could add others to it and that would result in a snowball effect of access. I'd rather have the Context Owner have the access; there is always only one and only site admins can edit owners.

On a side note, is there a document/table anywhere that lists each and every out-of-the box item Type that can be referenced in the Policy Administrator for PDM 9.1 and/or 10.1, along with descriptions as to what they are for? I think a chunk of my issues with tweaking access levels is that I don't know precisely which Type to put the controls on.

Please advise,

Daryl Oehr

Engineering Systems Analyst

Westport

Vancouver, BC

Canada

patrickchin2000 · ‎Feb 04, 2014

Hi Daryl,

Try "Team" in policy administration. Library, Product, Project Manager per contect has full control over this object. Team is the team permissions to change the team of a context.

But becareful, make sure you test first. This may affect the workflow too with Select Participants. I would be very careful, because like you said, it is per context for their respective context. if that is the case as soon as you place a non-admin who has friends to other contexts, like you said, scratching backs can cascade. Hopefully, people really follow the process. Another method is to create a Resource/ProjectManager rolewith only full team access because the Context Manager has full access for WTObject in the entire context.

Hopefully that can help you,

Patrick

In Reply to Daryl Oehr:

Hi there,

In PDM 9.1 what line do I put in the Policy Administrator to allow a Context OWNER the ability to edit the members of the context team? I do not want to use one of the dynamic roles inside the context team because whoever is in that role could add others to it and that would result in a snowball effect of access. I'd rather have the Context Owner have the access; there is always only one and only site admins can edit owners.

On a side note, is there a document/table anywhere that lists each and every out-of-the box item Type that can be referenced in the Policy Administrator for PDM 9.1 and/or 10.1, along with descriptions as to what they are for? I think a chunk of my issues with tweaking access levels is that I don't know precisely which Type to put the controls on.

Please advise,

Daryl Oehr

Engineering Systems Analyst

Westport

Vancouver, BC

Canada

MikeLockwood · ‎Feb 04, 2014

Have to also be a bit careful to ensure that you are addressing the desired one of these:

- Context Team (e.g. for Library 123)

- Team Instance (e.g. the Team Instance for Change Request 0002344)

- Shared Team

kiljaedenas · ‎Feb 05, 2014

Thanks for the feedback, I did add an access rule to Team (even putting it to Full Control for one of the dynamic roles) and it didn't work. I made an interesting discovery though: the Configure Actions for Role utility within a context seems to completely override anything I put in the Policy Administrator and also doesn't get updated when I do something like add Full Control on a Team for a dynamic role in the Policy Administrator. I was successfully able to grant team-editing access to a role within the Configure Actions function for a specific context.

These conflicting access-granting functions are annoying...I've also found access-setting rules in the life-cycle administrator and workflow administrators.

Since Configure Actions for Role seems to be the only place I can do it, is there a way to update that setting for every context at once, and will editing that setting in the template used for making new product or library contexts carry that setting forward?