Hello community, hope you are safe.
I have a big folder structure and a lot of custom roles. The idea is that 1 folder is only visible for 3 roles, and these roles change in every folder, so is a lot of work. So I created 3 Access Control Rules for every role that must have visibility where I used the option "All except selected participant" and select the option Deny Full Control (All) hoping that this will do the work for all the roles, but it seems that this doesn't work because the 3 ACR don't get along well. For what I see It seems is only possible to have 1 Deny Full Control (All) using the option "All except selected participant" because they cancel or mess the access to the visibility between the 3 roles.
I came with the idea to create a set of ACR for every folder and there create 1 ACR for every role removing visibility (a lot of roles and folders), except for the 3 roles that must have access, but I could bet my salary there is a better and faster way to do it.
Any advice would be appreciated!!
Hiding the Folders does not hide what is in the folders. If a user accesses what is in a folder via search or structure, or from a link provided by someone else, it will be available. For "Location" it will list (secured information) or something equiv.
Might be best to focus on access to what is in the Folders.
Hi @mlockwood I have miss what you said and is an important issue. Thanks!, I now know I have to change the focus, but with my current knowledge and with what you said, only seems that I have more elements to manage (the folders and all that could be possible inside them).
In general, users should ALWAYS be encouraged to find data either by searching or by accessing from a structure. Your Windchill can work totally fine with absolutely no folders.
Assume that no users ever browse within folders, and so focus on whether they can access the data or not.
Beyond that, it's very important to consider at what state they can access the data. Some users should be able to access at all states; some only at Released for example.
If some CAD Document has in it's history for example:
A.1 In Work
A.2 In Work
B.1 In Work
- user1 who can access all states would see B.1 from a search.
- user2 who can only access Released data would see A.3 from a search (and have no indication that Rev B exists).
Consider further though that if you are using Windchill change management, there will be an icon on A.3 indicating that a change is in process.
If you can, convince all users to abandon folders in general.
@mlockwood You are right, using attributes you can abandon folders, but it will take some time to convince all user to forget the folder structure, but thanks for your great advice.