Solved: Limited access

BenLoosli · ‎Nov 21, 2018

We have a few documents that need to be in Windchill but management wants access restricted to a few people, not the whole engineering organization. Security labels are an overkill, besides a PITA to setup, for only a few documents.

If I create a new folder in the doc lib and a new group of the restricted users, can I set ACL rules for that one folder so only the restricted group can see and access the files in that folder? I know I could do it at the Library level with a new Restricted Lib, but that involves OS folders and all of that setup, which is also overkill.

We have a Doc Lib under the Library tab with a Main sub-folder. In the Main sub-folder, we have various document type folders. I would create a new folder at this level, named Manager Restricted (or something like that) to place these few documents in. For user access, I would create a new group named Restricted and give that group access to the folder while denying access to the engineering group. The users in the Restricted group would also be members of the engineering group, so which permission right wins?

Any suggestions, hints or details about what you have done will be helpful.

Windchill 11.0 m030 CPS08

TomU · ‎Nov 21, 2018

Yes, controlling this at the folder level is definitely possible. You will need to create a new sub-domain in the policy administrator under that context and then change the folder to use this sub-domain. It's not difficult, just kind of clunky. Pay attention to the 'Absolute Deny' in the second picture. That's what makes it all work. Everyone not in that group is prevented access.

View solution in original post

TomU · ‎Nov 21, 2018

Yes, controlling this at the folder level is definitely possible. You will need to create a new sub-domain in the policy administrator under that context and then change the folder to use this sub-domain. It's not difficult, just kind of clunky. Pay attention to the 'Absolute Deny' in the second picture. That's what makes it all work. Everyone not in that group is prevented access.

slapha · ‎Nov 21, 2018

can confirm. We use the unique domain method to control ACL's on the folder. We use it to make private folders, and restrict edit capability to select folders.

Though we have noticed an issue where the Edit access control window doesn't necessarily show what access is really being granted/denied. PTC is looking into it, but solution remains to be seen (11.0 M030 CPS 05).

avillanueva · ‎Nov 04, 2021

Learned something new "All except participant" designation. That has possibilities. "My mind is a raging torrent, flooded with rivulets of thought cascading into a waterfall of creative alternatives."

SvenVanDroogenb · ‎Apr 04, 2019

Alternative solution is to work with document sub-types. Easier to configure access rights.