How do I ensure the MFG Team views only Released Drawings

Hi

as OOTB all team memebers has Read permission for release object, you have to overide the same by dening the permission against of MFG Role in ACL.

MKR

You can check the Access Information Table via Manage Security to find out why a group still has access to the objects:

Select Actions > Manage Security

Add the principal to the list via the "+" button

Click on the info icon to open the "Access Information" table

Update the permissions/policies listed accordingly to get the desired level of access.

Refer to Access Information Page topic in the Windchill Help Center for more information

Hi Sriram,

Were you able to get what you needed working? We did this by creating a MFG role in the Product/Project. We then created a MFG group for the team members who are only suppose to view drawings at a certain lifecycle state, and added that group to the MFG role (this is defined in the template for any new products/projects as well).

In the Policy Administrator (Site -> Utilities -> Policy Administrator) we set rules to allow access to objects by their role and by lifecycle state. We edited the default rule giving read access to all, and instead only give read access to all users where the life cycle state = Released. Other roles are granted access to objects at other states as needed. For example, engineers have full access to all items at all roles except released. At released they can read and revise. Buyers have read access to all items at prototype, pre-release, release, and change pending.

Let me know if you need any help with this.

Thanks,

Micah

Traditionally you need to redesign the Access Controls;

PTC's out of the box Access Controls have teamMember that you need to delete.

1. Delete OOTB teamMember ACL against EPMDocuments

2. Make A New Role such as ViewReleasedCAD; Set ACLs for Read or Read/Download for State such as Released for EPMDoc

3. Add Groups to Role per COntext.

Pretty Much a standard Procedure for every customer

Hi Sriram,

You can achieve this by the followin steps:

1) Pool the specific MFG users to a User group.

2) Go to "Security" in Org Utilities and enable Folder domain display to YES.

3) Create a Domain and rule the policy administration for the following two conditions:

> The EPM Document object should carry "Deny" permission for all the listed actions under "In Work" State.

> The EPM Document object should be given "Read" Permissiono alone for the "Released" State.

4) Once when you had created the above policy now go to the folders where you need to apply this policy rule - Right click - Edit - Uncheck the Inherit Domain option - Click on Find and select the domain & policy rule that you had created in the above step and click "OK"

and DONE..

Hope this helps!

regards,

Amarkarthi

Sriram,

Were you able to get this resolved?