Skip to main content
15-Moonstone
September 15, 2014
Question

Managing Users

  • September 15, 2014
  • 16 replies
  • 13831 views
Hi,

For last 7+ years in Windchill Production at Alcon, we stored Users & Groups information in Windchill Active Directory. Since June 2014, we have moved to our Corporate Active Directory. I would like to know how other companies handled users who have left the company. There are few things we have discussed internally, but would like to know more from the user community.

Process 1:

1) User ABC left the company.

2) It becomes disconnected principal in Windchill

3) Delete user ABC from Windchill

Process 2:

1) User ABC left the company

2) Associate user ABC to a new local user something like ABC - Deactivated which is only existing in Windchill Active directory.

I prefer process 1 stated above. Only issue with that I can foresee is we cannot search on what all activity user ABC has done in Windchill before leaving.

Process 2 gives advantages on searching on this user, because it is not disconnected anymore. However we are altering history here. Everywhere the user is replaced with ABC - Deactivated.

Let me know how it is handled at your end.

Thanks,

Preeti

16 replies

15-Moonstone
September 15, 2014
This search does not work on 10.1 M040. Thanks Tom for getting screenshot. I agree that history will show Preeti Gupta(deleted), however in our system I cannot search for what Preeti Gupta did in Windchill . We have to go to Individual documents/parts to see history. There is no way I can get a list of everything the user worked on in last 2 months for example.


15-Moonstone
September 15, 2014
Ok, I take it back, This is funny the way this works after user is deleted from Windchill. The Full Name search is case sensitive now ...wow, I cannot believe the way it is doing it. I almost declared that I cannot search for the user once deleted 🙂
I am so glad that I posted it here, glad to have support from you guys.
[cid:image001.png@01CFD0F5.869FD3A0]
[cid:image002.png@01CFD0F5.869FD3A0]

[cid:image006.png@01CFD0F4.26054170]
22-Sapphire I
September 16, 2014
A while back I got very curious about this and created a document with a
bunch of screen captures - showing Windchill UI, the database and LDAP after
each action on some test users. Can't find a copy now, but maybe Preeti or
JP can dig up.


The word "Delete" is used in the Participant / Principle Administrator, but
the user is not actually deleted from the database (WTUSER table). This
allows every action that the user ever took to be presented forever. Don't
recall, but "delete" may actually remove the user from Windchill DS if
active directory integration is not used.



Would be nice if PTC clarified what the "delete" action did in the
Participant / Principle Administrator.



Best practices and standard procedures for handling users who have left have
been posted at least a dozen times that I can recall, but there always seem
to be differences and nuances to consider.


1-Visitor
September 16, 2014

Hi all,


When a user leaves the company, in my opinion, the Windchill user can be deleted.


I have done thie before, and good thing is that the foot print o th user remains in Windchill.


For example, "Created by :ABC (Deleted) " will be shown.


Regarding handling that user from LDAP, like Windows Active Directory, the best practice is that


that user will probably deleted by the Windows Admin.


Moving the deleted Windchill user to a "Deleted Users" group may be messy. you will never


know to which actual groups th user belonged to.


By and large this process is good enough.


If there is a sytem migration to a latr release of Windchill is planned, still I think that the deleted


users too can be migrated.


Foot prints of a user who has left can be very useful down the years during a design review or CRB



Thanks & Regards


Hari Varadharajan


Tata Consultancy Services

September 16, 2014

Instead of deleting or disabling user I would prefer creating one group in Windchill called deletedUsers and then add all user deleted uses in this group.



If users are from AD and as per company’s corporate policy users’ needs to be deleted from AD when they left organization then let IT delete user from AD. Now, deleted user will be disconnected user in Windchill. Create dummy user in WindchillDS and reconnected disconnected user with dummy user created in Windchill DS. Also remove users from all other groups (groups create for workflow or for manage ACL’s)



Since, user is neither deleted nor disconnected so everything should work fine i.e. Searching of users, Disconnected/ Deleted will also not appear in the user name.




Thanks,


Shreyas

1-Visitor
September 16, 2014

In our company, we don't delete Windchill users, we disable a Windchill user by renaming <username> to X-<username>,changing <full name="> to <full name="> (Deleted), making user's email field empty. Also we remove all groups/roles from user and change password.


We have many interns/contractors/consultants coming back time to time,this makes re-activating returning users pretty simple.