Is someone willing to share some thoughts about a conceptual security model?
I'm rethinking the way I try to organise the access control rules, in order to prepare a migration from 8.0 to 9.1. Windchill 9.1 has new permissions, has the ability to use context team roles on organisation level, allows to change permissions ad hocfor anobject, and most of all, the security rules I actually implemented aren't full proof.
The security model I'm working on spans ingeneral the objects EPMDocuments, WTDocuments, WTParts and Change objects. Without going into detail, the general profiles I can think of are (1) someone that can read released data, (3) someone that can read all data, and (3) someone that can create and modify (according the life cycle state).
One of my issues is whether or not to provide a context role for every combination of a 'general profile' and 'general objects'. I will end up with at least 12 roles of each container, disregarding workflow driven roles, what's a little bit rediculous. But will it be feasable over time to maintain roles for several combinations of profiles and objects? Or is it an exercise in balance between flexibility and maintainability?
TIA, Hugo.
<< ProE WF3 M190 - PDMLink 8.00 M040 >>