cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Stay updated on what is happening on the PTC Community by subscribing to PTC Community Announcements. X

Limited access

Go to solution
BenLoosli
23-Emerald II
23-Emerald II
‎Nov 21, 2018 10:01 AM
‎Nov 21, 2018 10:01 AM

Limited access

We have a few documents that need to be in Windchill but management wants access restricted to a few people, not the whole engineering organization. Security labels are an overkill, besides a PITA to setup, for only a few documents.

 

If I create a new folder in the doc lib and a new group of the restricted users, can I set ACL rules for that one folder so only the restricted group can see and access the files in that folder?  I know I could do it at the Library level with a new Restricted Lib, but that involves OS folders and all of that setup, which is also overkill.

 

We have a Doc Lib under the Library tab with a Main sub-folder. In the Main sub-folder, we have various document type folders. I would create a new folder at this level, named Manager Restricted (or something like that) to place these few documents in. For user access, I would create a new group named Restricted and give that group access to the folder while denying access to the engineering group. The users in the Restricted group would also be members of the engineering group, so which permission right wins?

 

Any suggestions, hints or details about what you have done will be helpful.

 

Windchill 11.0 m030 CPS08

0 Kudos
Notify Moderator
1 ACCEPTED SOLUTION

Accepted Solutions
TomU
23-Emerald IV
23-Emerald IV
(To:BenLoosli)
‎Nov 21, 2018 10:14 AM
‎Nov 21, 2018 10:14 AM

Yes, controlling this at the folder level is definitely possible.  You will need to create a new sub-domain in the policy administrator under that context and then change the folder to use this sub-domain.  It's not difficult, just kind of clunky.  Pay attention to the 'Absolute Deny' in the second picture.  That's what makes it all work.  Everyone not in that group is prevented access.

Sub Domain.PNG

Sub Domain ACL.PNGFolder Domain.pngFolder Domain Picker.PNG

View solution in original post

Notify Moderator
4 REPLIES 4
TomU
23-Emerald IV
23-Emerald IV
(To:BenLoosli)
‎Nov 21, 2018 10:14 AM
‎Nov 21, 2018 10:14 AM

Yes, controlling this at the folder level is definitely possible.  You will need to create a new sub-domain in the policy administrator under that context and then change the folder to use this sub-domain.  It's not difficult, just kind of clunky.  Pay attention to the 'Absolute Deny' in the second picture.  That's what makes it all work.  Everyone not in that group is prevented access.

Sub Domain.PNG

Sub Domain ACL.PNGFolder Domain.pngFolder Domain Picker.PNG

Notify Moderator
slapha
15-Moonstone
15-Moonstone
(To:TomU)
‎Nov 21, 2018 04:21 PM
‎Nov 21, 2018 04:21 PM

can confirm. We use the unique domain method to control ACL's on the folder. We use it to make private folders, and restrict edit capability to select folders.

Though we have noticed an issue where the Edit access control window doesn't necessarily show what access is really being granted/denied. PTC is looking into it, but solution remains to be seen (11.0 M030 CPS 05).

0 Kudos
Notify Moderator
avillanueva
22-Sapphire I
22-Sapphire I
(To:TomU)
‎Nov 04, 2021 10:58 AM
‎Nov 04, 2021 10:58 AM

Learned something new "All except participant" designation. That has possibilities. "My mind is a raging torrent, flooded with rivulets of thought cascading into a waterfall of creative alternatives."

Notify Moderator
SvenVanDroogenb
7-Bedrock
7-Bedrock
(To:BenLoosli)
‎Apr 04, 2019 04:46 AM
‎Apr 04, 2019 04:46 AM

Alternative solution is to work with document sub-types.  Easier to configure access rights.

0 Kudos
Notify Moderator
Top Tags