cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Did you know you can set a signature that will be added to all your posts? Set it here! X

[Tc-infrastructure] - Windchill User Substantiation/Audit

pwilliams-3
11-Garnet
11-Garnet
‎Sep 26, 2011 01:19 PM
‎Sep 26, 2011 01:19 PM

[Tc-infrastructure] - Windchill User Substantiation/Audit

Ted,
I am also responsible for the Windchill usage at my company (Steelcase Inc.). Here is my setup and you can tell me what you think. Our system is connected to our corporate LDAP as well but with a slight caveat. Only the principals that are a member of the "windchill-usr-prod" group can access the system. We do this by adding an additional property to the Enterprise LDAP adapter. Therefore we know exactly how has access to Windchill and how does not. Additionally the IT group has give read/write permissions to us for that group. That gives us the ability to add/remove users from Windchill. When removing a user from Windchill we follow these steps.
Checkin Modified Objects

1. Login to Windchill as an Organization Administrator.

2. Click Search.

3. Select the CHECKED OUT BY saved search.

4. Input the user id for the Checked Out By search criteria and click Search.

5. If any checked out objects exist, contact Product Leader of the owning context to determine the recovery process for those objects. Recovery methods include the following:

a. Obtain user credentials and machine to authenticate and checkin the checked out objects.

b. Obtain the user's machine and use the Windchill Workspace Recovery tool to recover modified objects. Then reconcile those objects with Windchill.

Reassign Pending Work Items

1. TBD

Remove the User from Windchill

1. Login to Windchill as an Organization Administrator.

2. Click Organization on the Major tab.

3. Click Utilities on the Minor tab.

4. Click the Principal Administrator link under the Business Administration heading.

5. Add the user to be removed to the Users table.

6. Click the Remove User From Cache icon in the Actions column for the user.

7. Click the Remove User From Windchill icon in the Actions column for the user.
[cid:image003.png@01CC7C4E.F4E89BC0]
Remove the Personal Cabinet

1. Login to Windchill as a Site Administrator.

2. Click Site on the Major tab.

3. Click Utilities on the Minor tab.

4. Click the Personal Cabinets Administration link under the System Administration heading.

5. Verify that the user has no checked out work by clicking the Checked Out Work icon for the user.

[cid:image004.jpg@01CC7C4E.F4E89BC0]

6. Check the box on the left side of the table for the user and click the Delete button to delete the personal cabinet.

Remove the User from Active Directory Group

1. Login to snap in a browser.

2. Manage the windchill-usr-prod group.

3. Click the Update Group button.

4. Select the user in the Members table and click the Remove button.
[cid:image005.jpg@01CC7C4E.F4E89BC0]

5. Click the Submit button.
When a user leaves the company an automated email get's sent out to specific system administrators. The Windchill team have such administrators. Therefore we are able to remove that principal from the system which keeps our named users below our license count. We also use the License Auditing report to make sure that the number of named users is below our license count. If you would like to talk about this over the phone don't hesitate to give me a call.

Patrick Williams | Engineering Systems | o: 616.698.3766 | c: 616.947.2110
[cid:image006.jpg@01CC7C4E.F4E89BC0]
Labels:
Preview file
22 KB
Preview file
10 KB
Preview file
35 KB
0 Kudos
Notify Moderator
2 REPLIES 2
MikeLockwood
22-Sapphire I
22-Sapphire I
(To:pwilliams-3)
‎Sep 26, 2011 01:25 PM
‎Sep 26, 2011 01:25 PM

Action below gives people access to Windchill.
How do you control their permissions - add them to one or more Org/Groups, true?

So, management of user accounts requires both Active Directory and Windchill actions. We choose to allow every single user in Active Directory to log on, but they have no access to any data - that comes from membership in one or more Groups in Windchill, requiring action only in Windchill and none in Active Directory.
Preview file
22 KB
Preview file
10 KB
Preview file
35 KB
0 Kudos
Notify Moderator
pwilliams-3
11-Garnet
11-Garnet
(To:pwilliams-3)
‎Sep 26, 2011 02:37 PM
‎Sep 26, 2011 02:37 PM

Mike,
You are correct I need to take action in both systems. However "I" have the access to take both of those actions.

Patrick Williams | Engineering Systems | o: 616.698.3766 | c: 616.947.2110
[cid:image005.jpg@01CC7C59.D8924560]

From: Lockwood,Mike,IRVINE,R&D [
Preview file
10 KB
Preview file
35 KB
Preview file
22 KB
0 Kudos
Notify Moderator
Top Tags