cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - You can Bookmark boards, posts or articles that you'd like to access again easily! X

Windchill Folder permissions

JohnMattson
2-Explorer
2-Explorer
‎Aug 11, 2011 12:00 PM
‎Aug 11, 2011 12:00 PM

Windchill Folder permissions

(I'm running WC 9.1 M050 and Elements/Pro 5.0)
I'd like to make 1st level folders within a Product to be read-only to users, so that they cannot check objects in at the top level and so that they cannot create additional folders at the main level (admins will do that). Once first level folders are created by the admin, I'd them to have permissions that allow users (e.g. the Designer role) to have full control of those subfolders. Is this doable? I'm assuming it would be done with Access Control rules at the different folder levels?

Thanks, John


Labels:
0 Kudos
Notify Moderator
9 REPLIES 9
MikeLockwood
22-Sapphire I
22-Sapphire I
(To:JohnMattson)
‎Aug 11, 2011 12:07 PM
‎Aug 11, 2011 12:07 PM

During folder creation there is an Access Control panel. If already created, use Manage Security as the action on the Folder.
In the Policy Administrator, remove permissions on "SubFolder" such that all permissions are only granted on the folders thru the Folders themselves.
0 Kudos
Notify Moderator
MikeLockwood
22-Sapphire I
22-Sapphire I
(To:JohnMattson)
‎Aug 11, 2011 12:08 PM
‎Aug 11, 2011 12:08 PM

Also - Set up all your OIR's with a Folder specified after /Default - this enforces all objects being created at other than the root in each context.

From: Lockwood,Mike,IRVINE,R&D
0 Kudos
Notify Moderator
MikeFoster
7-Bedrock
7-Bedrock
(To:JohnMattson)
‎Aug 11, 2011 04:17 PM
‎Aug 11, 2011 04:17 PM

Hi John,

I achieved this functionality using these ACL's.

Cabinet Guest Read
Cabinet Product Manager Read,Modify
Cabinet Team Members Read
SubFolder Designer Read,Modify,Modify Identity,Create,Delete
SubFolder Guest Read
SubFolder Team Members Read

The only downside is an apparent bug that prevents users from moving more than one object at a time out of a top-level folder - For some Windchill reason the little move icon disappears in the top-level folder with these settings even though "Move" is still available in the actions pulldown for an object.

Mike Foster
ATK

0 Kudos
Notify Moderator
raghavendra.dat
1-Visitor
1-Visitor
(To:JohnMattson)
‎Nov 02, 2011 07:48 AM
‎Nov 02, 2011 07:48 AM

Hi John, Usually we achieve this by creating new domains for each folder/subfolder as required and provide access on subfolder or cabinet to required group/role through ACLs.


1. Under /Default domain create a new domain. For easy understanding, give folder/subfolder name on which you want to control access.


2. Goto Product -> Utilities -> Preference Manager


3. Search for "Display Folder Domains" under "Security" preference. Set it to "Yes".


4. Go to Product -> Folders tab, edit folder/subfolders and set domain from /Default to newly created ones accordingly. Domains can be set while creating new folders/subfolders as well.


5. Update access policy for /Default/<folder specific=" domain="> access in policy administrator andgrant/deny access for "subfolder" or "cabinet" as per your requirement.


I hope it will be useful for you.


Regards,


Raghavendra

0 Kudos
Notify Moderator
ejhlti
1-Visitor
1-Visitor
(To:JohnMattson)
‎Nov 02, 2011 09:48 AM
‎Nov 02, 2011 09:48 AM

On a related note, is there any way to prevent users from checking in new objects (or moving objects)to a product root, i.e. they have to set a folder under the product ?

0 Kudos
Notify Moderator
raghavendra.dat
1-Visitor
1-Visitor
(To:JohnMattson)
‎Nov 03, 2011 05:29 AM
‎Nov 03, 2011 05:29 AM

Hi Ed,


The root folder will be mapped by default to "/Default" domain. There you can deny or removecreate/move permissions on it as per your requirement.


And, for sub folders create a new domain, map it with the subfolderand provide required permissions for that subfolder.


I hope it answers your question.

0 Kudos
Notify Moderator
ejhlti
1-Visitor
1-Visitor
(To:JohnMattson)
‎Nov 17, 2011 10:14 AM
‎Nov 17, 2011 10:14 AM

regarding disabling the ability to create objects at a product root, Mike Foster gave me the tip below. Works perfect for preventing check-in at the root level of a product, however by disabling the modify permissions in the cabinet, users can no longer create a change request (most likely other change objects also). Can anyone think of a workaround for this ?



Remove modify permission from the Cabinet type to do that.


Modify permission on Cabinet required to add, move, or remove any object from the Cabinet (top folder of a Product)



  • Not required for movement among subfolders

  • Required for creating a SubFolder in the cabinet but not sub-SubFolders

  • Not required for renaming a SubFolder or object in the Cabinet

  • Not required for deleting a SubFolder

0 Kudos
Notify Moderator
ddemay
7-Bedrock
7-Bedrock
(To:JohnMattson)
‎Nov 17, 2011 10:28 AM
‎Nov 17, 2011 10:28 AM

OIR on change objects could be tweaked?, soft type the subfolder object and create soft typed folders with different ACL's.



Sent from my Verizon Wireless BlackBerry
0 Kudos
Notify Moderator
patrick.chin1
1-Visitor
1-Visitor
(To:JohnMattson)
‎Nov 18, 2011 03:12 PM
‎Nov 18, 2011 03:12 PM

I would do a combination of OIR default folder location for creation of objects and ACL to prevent objects from changing domains. After creation into a designated sub folder like, /Default/EPMDocuments/..., /Default/WTPart/..., /Default/WTDocuments/..., etc, based on OIRs of the objects, you can add additional ACL to prevent moving/modifying objects from domain to domain.


That's OOTB suggestion,



Patrick

0 Kudos
Notify Moderator
Announcements


Contact Community Management
Top Tags