cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - If community subscription notifications are filling up your inbox you can set up a daily digest and get all your notifications in a single email. X

Limited access

BenLoosli
23-Emerald II

Limited access

We have a few documents that need to be in Windchill but management wants access restricted to a few people, not the whole engineering organization. Security labels are an overkill, besides a PITA to setup, for only a few documents.

 

If I create a new folder in the doc lib and a new group of the restricted users, can I set ACL rules for that one folder so only the restricted group can see and access the files in that folder?  I know I could do it at the Library level with a new Restricted Lib, but that involves OS folders and all of that setup, which is also overkill.

 

We have a Doc Lib under the Library tab with a Main sub-folder. In the Main sub-folder, we have various document type folders. I would create a new folder at this level, named Manager Restricted (or something like that) to place these few documents in. For user access, I would create a new group named Restricted and give that group access to the folder while denying access to the engineering group. The users in the Restricted group would also be members of the engineering group, so which permission right wins?

 

Any suggestions, hints or details about what you have done will be helpful.

 

Windchill 11.0 m030 CPS08

ACCEPTED SOLUTION

Accepted Solutions
TomU
23-Emerald IV
(To:BenLoosli)

Yes, controlling this at the folder level is definitely possible.  You will need to create a new sub-domain in the policy administrator under that context and then change the folder to use this sub-domain.  It's not difficult, just kind of clunky.  Pay attention to the 'Absolute Deny' in the second picture.  That's what makes it all work.  Everyone not in that group is prevented access.

Sub Domain.PNG

Sub Domain ACL.PNGFolder Domain.pngFolder Domain Picker.PNG

View solution in original post

4 REPLIES 4
TomU
23-Emerald IV
(To:BenLoosli)

Yes, controlling this at the folder level is definitely possible.  You will need to create a new sub-domain in the policy administrator under that context and then change the folder to use this sub-domain.  It's not difficult, just kind of clunky.  Pay attention to the 'Absolute Deny' in the second picture.  That's what makes it all work.  Everyone not in that group is prevented access.

Sub Domain.PNG

Sub Domain ACL.PNGFolder Domain.pngFolder Domain Picker.PNG

slapha
15-Moonstone
(To:TomU)

can confirm. We use the unique domain method to control ACL's on the folder. We use it to make private folders, and restrict edit capability to select folders.

Though we have noticed an issue where the Edit access control window doesn't necessarily show what access is really being granted/denied. PTC is looking into it, but solution remains to be seen (11.0 M030 CPS 05).

avillanueva
22-Sapphire II
(To:TomU)

Learned something new "All except participant" designation. That has possibilities. "My mind is a raging torrent, flooded with rivulets of thought cascading into a waterfall of creative alternatives."

Alternative solution is to work with document sub-types.  Easier to configure access rights.

Announcements


Top Tags