cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Use of Security labels & access controls for nationally classified information.

Highlighted
Newbie

Use of Security labels & access controls for nationally classified information.

I have a requirement to restrict access to the meta data and content (documents) in Windchill based on a security context.

Not only do I need to restrict access, but I need to store the content in a specific location, which will be in a different location to the application server. i.e in another country if documents

are Nationally classified.

The Windchill 11 overview states this is possible, but I would like to know more details.

6 REPLIES 6
Highlighted

Re: Use of Security labels & access controls for nationally classified information.

There is a lot of setup involved with implementing security labels! Read the documents carefully as you are modifying core Windchill resource bundle files. Especially take note of the warning that says "Editing these files may prevent your Windchill system from starting". This definitely requires good backup and a test server to implement.

To store content in a secondary vault should not be an issue, but getting the proper settings to do it automatically may. You would need OIRs that put documents in that vault. If only certain documents of a type require this security, that is harder to do automatically without some deep programming.

Highlighted

Re: Use of Security labels & access controls for nationally classified information.

Thanks Ben, I know it was quite tricky with V10. I understood it is better in V11, but possibly not.

Highlighted

Re: Use of Security labels & access controls for nationally classified information.

Hi  

 

Would you be able to share more infromation on this, I have the same requirement and will be great if you can direct me to right guides or Help.

 

Thanks,
Rahul

Highlighted

Re: Use of Security labels & access controls for nationally classified information.

@rbhoraskar  The Security Label Configuration and Implementation guide should have the information you need. You can assign a Site Principal to the Replica site you are creating. If the Principal has access to the object only in that case the object will be replicated to the site.

 

Check - https://support.ptc.com/help/windchill/whc/whc_en/index.html#page/Windchill_Help_Center%2FSecurityLa...

Tags (2)
Highlighted

Re: Use of Security labels & access controls for nationally classified information.

@yadavankur Hi Ankur,

 

Would you please mid looking at this requirement and suggest ?

 

Our customer is having Master Windchill in “UK”, they are looking to use same Windchill in “Canada” and “Netherlands” as well.
But they have an Export control and security control policies which states that:

à The data or files created in Canada, they should be vaulted to Canada and does not go to Master in UK
à Same for Netherlands, data or files created in Netherland, they should be vaulted to Netherland and does not go to Master in UK

Is this scenario is possible to achieve when UK is master server and Canada and Netherland is “File Server”.

If yes, how can we achieve this ?? for example

• Vaulting rules ?
• File Vault configuration ? Security Labels ?
• No Replication/Sync to Master in UK?

 

Thanks,
Rahul

Highlighted

Re: Use of Security labels & access controls for nationally classified information.


@yadavankur wrote:

@MyFedLoan The Security Label Configuration and Implementation guide should have the information you need. You can assign a Site Principal to the Replica site you are creating. If the Principal has access to the object only in that case the object will be replicated to the site.

 

Check - https://support.ptc.com/help/windchill/whc/whc_en/index.html#page/Windchill_Help_Center%2FSecurityLa...


Especially take note of the warning that says "Editing these files may prevent your Windchill system from starting". This definitely requires good backup and a test server to implement.

 

To store content in a secondary vault should not be an issue, but getting the proper settings to do it automatically may. You would need OIRs that put documents in that vault.

Announcements