cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community email notifications are disrupted. While we are working to resolve, please check on your favorite boards regularly to keep up with your conversations and new topics.

Uploading files with Security Labels (Secure site not found for upload)

Go to solution
avillanueva
22-Sapphire II
22-Sapphire II
‎Nov 07, 2023 04:47 PM
‎Nov 07, 2023 04:47 PM

Uploading files with Security Labels (Secure site not found for upload)

I am playing around with this on my server and I am running into this issue. This article seems to point to the issue:

https://www.ptc.com/en/support/article/CS371380?source=search

So my master site is handled by the Administrator's group with I think is default OOTB. The major draw to using security labels is that we can restrict access to objects, even the administrators. This seems to be telling me that I need to include site administrators to the group that is allowed to see content with these restrictive labels. Bummer. I get publishing and I am ok with that. I can also see using wcadmin and not the group since wcadmin should not be used ever to access data as a normal user. 

 

This was odd to stumble into this since the user that I am logged in as is part of the unrestricted principal members but not wcadmin. I just don't see how the extra check for the principal for the site mattered.

Labels:
Notify Moderator
1 ACCEPTED SOLUTION

Accepted Solutions
avillanueva
22-Sapphire II
22-Sapphire II
(To:jbailey)
‎Nov 08, 2023 07:45 AM
‎Nov 08, 2023 07:45 AM

Reading docs, looks like start of trail is here:

Selecting a Site Principal 

It seems to make sense. Let's say I have ITAR restricted data but in a global system, I have a site location for vaulting that was non-US. By making the site participant not an authorized principal, it would block and accidental upload or replication of data to that location which would be a violation. I do not have such complexities here so I just need to ensure the system still functions. Looks like wvs publishing user and wcadmin would need to be added. I do have other people in Administrators group (real people) which I would to still block from restricted data if there was not a valid need to know. Yes group of groups is easiest but if it gets too complex, a custom class might be necessary. Now where is my Little Orphan Annie secret decoder ring?

View solution in original post

Notify Moderator
2 REPLIES 2
jbailey
17-Peridot
17-Peridot
(To:avillanueva)
‎Nov 07, 2023 07:38 PM
‎Nov 07, 2023 07:38 PM

Pretty much, yes. and since "Authorized Participant" is a single group, you must likely use a group of groups.

0 Kudos
Notify Moderator
avillanueva
22-Sapphire II
22-Sapphire II
(To:jbailey)
‎Nov 08, 2023 07:45 AM
‎Nov 08, 2023 07:45 AM

Reading docs, looks like start of trail is here:

Selecting a Site Principal 

It seems to make sense. Let's say I have ITAR restricted data but in a global system, I have a site location for vaulting that was non-US. By making the site participant not an authorized principal, it would block and accidental upload or replication of data to that location which would be a violation. I do not have such complexities here so I just need to ensure the system still functions. Looks like wvs publishing user and wcadmin would need to be added. I do have other people in Administrators group (real people) which I would to still block from restricted data if there was not a valid need to know. Yes group of groups is easiest but if it gets too complex, a custom class might be necessary. Now where is my Little Orphan Annie secret decoder ring?

Notify Moderator
Top Tags