Community Tip - You can subscribe to a forum, label or individual post and receive email notifications when someone posts a new topic or reply. Learn more! X
Hi John, Usually we achieve this by creating new domains for each folder/subfolder as required and provide access on subfolder or cabinet to required group/role through ACLs.
1. Under /Default domain create a new domain. For easy understanding, give folder/subfolder name on which you want to control access.
2. Goto Product -> Utilities -> Preference Manager
3. Search for "Display Folder Domains" under "Security" preference. Set it to "Yes".
4. Go to Product -> Folders tab, edit folder/subfolders and set domain from /Default to newly created ones accordingly. Domains can be set while creating new folders/subfolders as well.
5. Update access policy for /Default/<folder specific=" domain="> access in policy administrator andgrant/deny access for "subfolder" or "cabinet" as per your requirement.
I hope it will be useful for you.
Regards,
Raghavendra
On a related note, is there any way to prevent users from checking in new objects (or moving objects)to a product root, i.e. they have to set a folder under the product ?
Hi Ed,
The root folder will be mapped by default to "/Default" domain. There you can deny or removecreate/move permissions on it as per your requirement.
And, for sub folders create a new domain, map it with the subfolderand provide required permissions for that subfolder.
I hope it answers your question.
regarding disabling the ability to create objects at a product root, Mike Foster gave me the tip below. Works perfect for preventing check-in at the root level of a product, however by disabling the modify permissions in the cabinet, users can no longer create a change request (most likely other change objects also). Can anyone think of a workaround for this ?
Remove modify permission from the Cabinet type to do that.
Modify permission on Cabinet required to add, move, or remove any object from the Cabinet (top folder of a Product)
I would do a combination of OIR default folder location for creation of objects and ACL to prevent objects from changing domains. After creation into a designated sub folder like, /Default/EPMDocuments/..., /Default/WTPart/..., /Default/WTDocuments/..., etc, based on OIRs of the objects, you can add additional ACL to prevent moving/modifying objects from domain to domain.
That's OOTB suggestion,
Patrick