Skip to main content
B
23-Emerald III
BenLoosli23-Emerald III
23-Emerald III
November 21, 2018
Solved

Limited access

  • November 21, 2018
  • 2 replies
  • 3993 views

We have a few documents that need to be in Windchill but management wants access restricted to a few people, not the whole engineering organization. Security labels are an overkill, besides a PITA to setup, for only a few documents.

 

If I create a new folder in the doc lib and a new group of the restricted users, can I set ACL rules for that one folder so only the restricted group can see and access the files in that folder?  I know I could do it at the Library level with a new Restricted Lib, but that involves OS folders and all of that setup, which is also overkill.

 

We have a Doc Lib under the Library tab with a Main sub-folder. In the Main sub-folder, we have various document type folders. I would create a new folder at this level, named Manager Restricted (or something like that) to place these few documents in. For user access, I would create a new group named Restricted and give that group access to the folder while denying access to the engineering group. The users in the Restricted group would also be members of the engineering group, so which permission right wins?

 

Any suggestions, hints or details about what you have done will be helpful.

 

Windchill 11.0 m030 CPS08

Best answer by TomU

Yes, controlling this at the folder level is definitely possible.  You will need to create a new sub-domain in the policy administrator under that context and then change the folder to use this sub-domain.  It's not difficult, just kind of clunky.  Pay attention to the 'Absolute Deny' in the second picture.  That's what makes it all work.  Everyone not in that group is prevented access.

Sub Domain.PNG

Sub Domain ACL.PNGFolder Domain.pngFolder Domain Picker.PNG

2 replies

T
23-Emerald IV
TomU23-Emerald IVAnswer
23-Emerald IV
November 21, 2018

Yes, controlling this at the folder level is definitely possible.  You will need to create a new sub-domain in the policy administrator under that context and then change the folder to use this sub-domain.  It's not difficult, just kind of clunky.  Pay attention to the 'Absolute Deny' in the second picture.  That's what makes it all work.  Everyone not in that group is prevented access.

Sub Domain.PNG

Sub Domain ACL.PNGFolder Domain.pngFolder Domain Picker.PNG

    S
    slapha15-Moonstone
    15-Moonstone
    November 21, 2018

    can confirm. We use the unique domain method to control ACL's on the folder. We use it to make private folders, and restrict edit capability to select folders.

    Though we have noticed an issue where the Edit access control window doesn't necessarily show what access is really being granted/denied. PTC is looking into it, but solution remains to be seen (11.0 M030 CPS 05).

    S
    SvenVanDroogenb1-Visitor
    1-Visitor
    April 4, 2019

    Alternative solution is to work with document sub-types.  Easier to configure access rights.

    Terms & ConditionsCookie settingsAccessibility statement