Community Tip - New to the community? Learn how to post a question and get help from PTC and industry experts! X
Scenario: Add to workspace of the structure of Solidworks. User has no download right of one file from 100 files.
currently the error message won't show on which file exactly the user has no access. but shows much more files, on which the user has access.
even "work as designed", but it makes the support not possible.
I had a call on this topic with PTC last year and will be submitting a community idea. The problem here is that you can't give up too much information about the item the person doesn't have access to, because maybe they are not supposed to know anything about it.
For example, Let's say that person was not a US citizen, and the component was ITAR or EAR - and protected by a security label. In that case, that person isn't legally allowed to see that item. The problem in this case about letting someone know that the file exists (and metadata about it) may tell that person too much about the item.
From the discussions I had with Product management on this issue... Windchill looks first if you have access to something, if you do not you get the generic <Secured Access> error and Windchill stops there. It doesn't matter if you don't have access because the item is a working copy in someone else's workspace, because you are not part of the team, because it has a security label you don't have access to etc - at that point, Windchill doesn't know anymore information to tell you, because it stopped when it determined you don't have access. What makes it worse, the detailed logs on the back end generally don't contain any more info than the person doesn't have access to something
The idea I will be submitting when I get time will be for the UI to throw a more specific error like <Secured Action - You have attempted to access a file which is (Insert generic detailed error here)> where the generic error might be something like:
And to provide detailed MS logs on the back end that tell the ADMIN what the specific item is so it is quick for the admin to identify the root cause and send the user in the right direction to get it fixed.
Hello jbailey,
thank you for the information.
I can unterstand the thinking behind it.
but currently our issue is, that WGM reports something on which user has access. (instead of general message - no access). It means, user / supporter gets wrong message instead of general message.
your idea is good, maybe we can also ask like that "if the user has Read right for meta data, then the error message should show exactly the file name" - it's the case at us; if not meta data read right, then general message
thanks again for your feedback.
Yeah, that's what I am thinking. In the security label example, the user also can have access. We run into this specific issue when someone tries to change a security label to something they do have access to, and are authorized to change the label value... however there is a working copy of an item in someone else workspace (which the user does not have access to) and the user has no way to know about that working copy. I am wondering if that is the issue you are facing, that there is some sort of working copy of an object being referenced
about the working copy I tested with one test user who has no access to only 2 files. which should not have any working copy (newly rehosted). and we don't change / use security lable, some issue...