cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - You can subscribe to a forum, label or individual post and receive email notifications when someone posts a new topic or reply. Learn more! X

Uploading files with Security Labels (Secure site not found for upload)

Go to solution
avillanueva
22-Sapphire II
22-Sapphire II
‎Nov 07, 2023 04:47 PM
‎Nov 07, 2023 04:47 PM

Uploading files with Security Labels (Secure site not found for upload)

I am playing around with this on my server and I am running into this issue. This article seems to point to the issue:

https://www.ptc.com/en/support/article/CS371380?source=search

So my master site is handled by the Administrator's group with I think is default OOTB. The major draw to using security labels is that we can restrict access to objects, even the administrators. This seems to be telling me that I need to include site administrators to the group that is allowed to see content with these restrictive labels. Bummer. I get publishing and I am ok with that. I can also see using wcadmin and not the group since wcadmin should not be used ever to access data as a normal user. 

 

This was odd to stumble into this since the user that I am logged in as is part of the unrestricted principal members but not wcadmin. I just don't see how the extra check for the principal for the site mattered.

Labels:
Notify Moderator
1 ACCEPTED SOLUTION

Accepted Solutions
avillanueva
22-Sapphire II
22-Sapphire II
(To:jbailey)
‎Nov 08, 2023 07:45 AM
‎Nov 08, 2023 07:45 AM

Reading docs, looks like start of trail is here:

Selecting a Site Principal 

It seems to make sense. Let's say I have ITAR restricted data but in a global system, I have a site location for vaulting that was non-US. By making the site participant not an authorized principal, it would block and accidental upload or replication of data to that location which would be a violation. I do not have such complexities here so I just need to ensure the system still functions. Looks like wvs publishing user and wcadmin would need to be added. I do have other people in Administrators group (real people) which I would to still block from restricted data if there was not a valid need to know. Yes group of groups is easiest but if it gets too complex, a custom class might be necessary. Now where is my Little Orphan Annie secret decoder ring?

View solution in original post

Notify Moderator
2 REPLIES 2
jbailey
17-Peridot
17-Peridot
(To:avillanueva)
‎Nov 07, 2023 07:38 PM
‎Nov 07, 2023 07:38 PM

Pretty much, yes. and since "Authorized Participant" is a single group, you must likely use a group of groups.

0 Kudos
Notify Moderator
avillanueva
22-Sapphire II
22-Sapphire II
(To:jbailey)
‎Nov 08, 2023 07:45 AM
‎Nov 08, 2023 07:45 AM

Reading docs, looks like start of trail is here:

Selecting a Site Principal 

It seems to make sense. Let's say I have ITAR restricted data but in a global system, I have a site location for vaulting that was non-US. By making the site participant not an authorized principal, it would block and accidental upload or replication of data to that location which would be a violation. I do not have such complexities here so I just need to ensure the system still functions. Looks like wvs publishing user and wcadmin would need to be added. I do have other people in Administrators group (real people) which I would to still block from restricted data if there was not a valid need to know. Yes group of groups is easiest but if it gets too complex, a custom class might be necessary. Now where is my Little Orphan Annie secret decoder ring?

Notify Moderator
Top Tags