cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

I need to achieve the below access requirement

SOLVED
Highlighted
Participant

I need to achieve the below access requirement

 

  • <<Research Specific Documents>> should be visible (Content/Download) to a specific Group
  • <<Research Specific Documents>> Title and Metadata should be visible to all (ALL_USERS_GROUP)
  • These <<Research Specific Documents>> can lie anywhere in “R&D space”. Not under specific Folder

  

Tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: I need to achieve the below access requirement

While there are many different ways you can accomplish this, here's what I would suggest taking into account these assumptions:

  1. "R&D space" is the name of a single product or library in PDMLink (call it "context").
  2. To start, the typical out-of-the-box ACLs are applied to this context.
  3. The out-of-the-ox OIRs are also in existence without modification.
  4. <<Research Specific Documents>> is a soft type of WTDocument

Here's what you can do:

  • Your first bullet point:  to grant only Read and Download access, put users into the "Guest" role on the context team.
  • Your second bullet point:  this one is tricky because by default anyone on any role of the team will have "Read and Download" access.  One thing you can do is make a organization group called "No Download" or something (you can call it whatever you want, really) and then in the Policy Administrator, create an ACL at the default level for that context, set it to this group (not a role), and then apply a "Deny" (or "Absolute Deny" will work here too) on "Download". Then, add this group to the "Guest" role of the context.  They will be granted "Read and Download" via the guest role, but should then have "Download" removed via the group membership.  You can also accomplish this by adding a new unique role to the team and putting the "Deny Download" on that role instead of using an organization group, then adding users/groups to that role.  That strategy has other pros/cons with it too depending on the "big picture" of Windchill configuration.
  • Your third bullet point:  the out-of-the-box configuration should already allow this.  The user just has to navigate to where they want the object created and THEN launch the new WTDocument wizard, or they have to change the location in the wizard itself.  Now if you mean you're looking to make these documents ONLY in this context, you will either have to add ACLs to the context to allow for its creation (depending on its life cycle states and what WTDocument is already configured for), or you will have to create ACLs in your other contexts to deny creation in those.

Feel free to contact me directly if you have additional questions.

View solution in original post

1 REPLY 1
Highlighted

Re: I need to achieve the below access requirement

While there are many different ways you can accomplish this, here's what I would suggest taking into account these assumptions:

  1. "R&D space" is the name of a single product or library in PDMLink (call it "context").
  2. To start, the typical out-of-the-box ACLs are applied to this context.
  3. The out-of-the-ox OIRs are also in existence without modification.
  4. <<Research Specific Documents>> is a soft type of WTDocument

Here's what you can do:

  • Your first bullet point:  to grant only Read and Download access, put users into the "Guest" role on the context team.
  • Your second bullet point:  this one is tricky because by default anyone on any role of the team will have "Read and Download" access.  One thing you can do is make a organization group called "No Download" or something (you can call it whatever you want, really) and then in the Policy Administrator, create an ACL at the default level for that context, set it to this group (not a role), and then apply a "Deny" (or "Absolute Deny" will work here too) on "Download". Then, add this group to the "Guest" role of the context.  They will be granted "Read and Download" via the guest role, but should then have "Download" removed via the group membership.  You can also accomplish this by adding a new unique role to the team and putting the "Deny Download" on that role instead of using an organization group, then adding users/groups to that role.  That strategy has other pros/cons with it too depending on the "big picture" of Windchill configuration.
  • Your third bullet point:  the out-of-the-box configuration should already allow this.  The user just has to navigate to where they want the object created and THEN launch the new WTDocument wizard, or they have to change the location in the wizard itself.  Now if you mean you're looking to make these documents ONLY in this context, you will either have to add ACLs to the context to allow for its creation (depending on its life cycle states and what WTDocument is already configured for), or you will have to create ACLs in your other contexts to deny creation in those.

Feel free to contact me directly if you have additional questions.

View solution in original post

Announcements