cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - New to the community? Learn how to post a question and get help from PTC and industry experts! X

Problem Report Authors Configuration Question

pwilliams-3
12-Amethyst
12-Amethyst
‎Nov 14, 2014 05:00 PM
‎Nov 14, 2014 05:00 PM

Problem Report Authors Configuration Question

10.1 M040

Hi Everyone,
Has anyone configured Windchill to allow all users the ability to create a Problem Report on objects within containers without being a member on the container team? If so, would you mind sharing how you did it?

Patrick Williams | Engineering Systems | c: 616.947.2110
[cid:image001.jpg@01D00024.147A33C0]

Labels:
0 Kudos
Notify Moderator
3 REPLIES 3
ddemay
7-Bedrock
7-Bedrock
(To:pwilliams-3)
‎Nov 14, 2014 06:00 PM
‎Nov 14, 2014 06:00 PM

Customization via action or workflow or custom page. Easier to create a role
on the container team that allows them to only create these and then use
security labels and/or access controls to restrict access. My guess is they
at least need to know what they are creating a problem report against?






0 Kudos
Notify Moderator
pwilliams-3
12-Amethyst
12-Amethyst
(To:pwilliams-3)
‎Nov 17, 2014 08:58 AM
‎Nov 17, 2014 08:58 AM

From: Williams, Patrick
0 Kudos
Notify Moderator
ddemay
7-Bedrock
7-Bedrock
(To:pwilliams-3)
‎Nov 17, 2014 07:43 PM
‎Nov 17, 2014 07:43 PM

Well now we're just looking for the shiny key in the tall weeds.



You need to think about this from a CISSP standpoint also. You do not want
to open any backdoors. I got butterflies in my stomach when you mentioned
WTObject - all.



Do you have error message and stacktrace from the log files? This may be
quite informative as you know. Have you turned on tracing for wt.access.*?



My recommendation is to load a role and group via load files to a container
- I do it all the time and will simplify greatly, the effort. I can provide
example if you like.



Removing or altering via load file is customization though.



Problem report authors is not on any specific role in a container team by
default is my tired brain recollects; therefore, you likely have an ACL
conflict as a deny via 'none' or a hard deny.



Are you sure no 'permission implies' association adjustments are getting in
the way?



How is the read to Released granted at Org level? Is principal on that
container team being tested?



Here's what I think is going on:



A grant and a 'none' can cancel each other out in theory as an implicit
deny. The member principal is in more than one group at same domain or
parent domain level.



Hope that helps,

Dave




0 Kudos
Notify Moderator
Announcements


Contact Community Management
Top Tags