Community Tip - You can Bookmark boards, posts or articles that you'd like to access again easily! X
I'm working on an o.o.b version of 10.1.
I have a group "View Released" who I want to only see Released objects and download.
The group has a Profile that stops all modifications available via the profile.
At the Default PDM Library I created a policy to allow that group to Read wtobjects at Released. Works great.
Problem is they can see In Work and they could check out In Work!
I then created a policy to deny everything but read on all objects for that group. That stops the Check out at In Work.
I don't want to create a policy to deny Read at each object state as that would get complicated.
Anyone know what is allowing visibility
Solved! Go to Solution.
OK - there are some OOB Policy that allow all "Team Members" access to all WTDocuments, EPMDocuments and Parts. Once I deleted those I was good.
Take a look at the permissions for your specific domain (context). It very likely that you are inheriting permissions from the site level and organization level. If you are using out of the box roles then you very well may have permissions affecting that role that are propagating down from a higher level domain. If you've created a new role, you will still inherit any permissions that apply to "All" principals. You're will probably need to remove some of these broad permissions at the upper levels and then re-grant them to the appropriate roles as necessary.
I had remvoed an Unafilliated role at the site level and I did not see any WTObject for All participants.
OK - there are some OOB Policy that allow all "Team Members" access to all WTDocuments, EPMDocuments and Parts. Once I deleted those I was good.