cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Stay updated on what is happening on the PTC Community by subscribing to PTC Community Announcements. X

Uploading files with Security Labels (Secure site not found for upload)

avillanueva
22-Sapphire II

Uploading files with Security Labels (Secure site not found for upload)

I am playing around with this on my server and I am running into this issue. This article seems to point to the issue:

https://www.ptc.com/en/support/article/CS371380?source=search

So my master site is handled by the Administrator's group with I think is default OOTB. The major draw to using security labels is that we can restrict access to objects, even the administrators. This seems to be telling me that I need to include site administrators to the group that is allowed to see content with these restrictive labels. Bummer. I get publishing and I am ok with that. I can also see using wcadmin and not the group since wcadmin should not be used ever to access data as a normal user. 

 

This was odd to stumble into this since the user that I am logged in as is part of the unrestricted principal members but not wcadmin. I just don't see how the extra check for the principal for the site mattered.

ACCEPTED SOLUTION

Accepted Solutions
avillanueva
22-Sapphire II
(To:jbailey)

Reading docs, looks like start of trail is here:

Selecting a Site Principal 

It seems to make sense. Let's say I have ITAR restricted data but in a global system, I have a site location for vaulting that was non-US. By making the site participant not an authorized principal, it would block and accidental upload or replication of data to that location which would be a violation. I do not have such complexities here so I just need to ensure the system still functions. Looks like wvs publishing user and wcadmin would need to be added. I do have other people in Administrators group (real people) which I would to still block from restricted data if there was not a valid need to know. Yes group of groups is easiest but if it gets too complex, a custom class might be necessary. Now where is my Little Orphan Annie secret decoder ring?

View solution in original post

2 REPLIES 2

Pretty much, yes. and since "Authorized Participant" is a single group, you must likely use a group of groups.

avillanueva
22-Sapphire II
(To:jbailey)

Reading docs, looks like start of trail is here:

Selecting a Site Principal 

It seems to make sense. Let's say I have ITAR restricted data but in a global system, I have a site location for vaulting that was non-US. By making the site participant not an authorized principal, it would block and accidental upload or replication of data to that location which would be a violation. I do not have such complexities here so I just need to ensure the system still functions. Looks like wvs publishing user and wcadmin would need to be added. I do have other people in Administrators group (real people) which I would to still block from restricted data if there was not a valid need to know. Yes group of groups is easiest but if it gets too complex, a custom class might be necessary. Now where is my Little Orphan Annie secret decoder ring?

Announcements


Top Tags