14-Alexandrite

Question

restrict access to Context Manager Role

Forum|Forum|1 year ago
July 25, 2024
4 replies
2054 views

Currently, a context manager (Product, Library or Project) can use Configure Actions for Roles to allow other roles to Modify the Team.

The problem is that whatever role is allowed to modify the team can then add themselves to the context manager role.

On a lesser concern, they could also add users to Roles that they are not qualified to complete tasks assigned to that Role in a workflow.

Does anyone know if it is possible to restrict users from being added to a given role (Product manager, Library Manager)?

Other

H

Hari_Vara

16-Pearl

Hi,

If I understand your situation correctly, your non-context manager users end up in adding more team members and also accidentally adding themselves as context managers. Is that right?

Can you show a screen shot of the behaviour? To help us understand if we are talking the same thing?

I think the action can be hidden in UI by profiles.

Take a look at the help article.

https://support.ptc.com/help/windchill/r12.1.2.0/en/index.html#page/Windchill_Help_Center/team/TeamActionVisibilityConfigure.html#

Let us know...

Best Regards

Hari

HelesicPetr

22-Sapphire II

Hi @LG_10096154

I would recommend to use the profile to hide the Configure Action to a managers.

btw it is responsibility of the Manger if he allows some users to modify team and then the responsibility is moved to the person who got the option to modify the team.

PetrH

L

LG_10096154

Author

14-Alexandrite

@Hari_Vara @HelesicPetr That is how we are getting into this problem 🙂

Our context managers are out of control with some context having more than ten users in them. Typically you would expect to only see PLM admin users in that role but we have allowed normal business users of the system to be in that role so they can force/break functionality. We are slowly working on removing all the extra users from the context manager role down to just two people but we are getting push-back from the business to provide a doc control type role with more powers. We have given them the ability to create and modify Team Templates and a few other actions that OOB are only context manager actions. They also want the ability to add users to Roles and that makes business sense as they have an Engineer that is joining the team or another quality person etc in those Engineer or Quality Role. We do have an access request process but as you can image they feel that is slow and cumbersome. We are considering showing the context owners that they can use Action on Roles to provide another role like Doc Control the ability to modify the team but that opens the gate for Doc Control to also add themselves to the context manager role when they need advanced actions (permissions).

So what I am looking for is a way to allow a role to modify the team but not a specific role (Product Manager, Library Manager). The context manager does need the ability to modify the team as they are charged with completing the approved access request to that context.

If we could hide just context manager role from the Team page that would help?

joe_morton

18-Opal

In each of our Contexts, we have a Product/Library Manager that is just from our Windchill admin team. We don't let any other users in that role.

We made a separate role (where needed) that we call a Team Administrator. I forgot how we set it up, but I think we used Configure Actions for Roles to allow that Role to Modify Team.

Something to consider to see if it works for you

L

LG_10096154

Author

14-Alexandrite

One thing I should note is that we have over 200 product contexts and more than 100 libraries not to mention close to 500 Project contexts so having a small PLM team add users to Roles would not be manageable plus the PLM team does not know what Roles the users should be in (that's a different issue).

The result is we need a responsible person from that context to manage users in Roles but we don't want them to have the ability to add other users to the context manager role (snowball).

We have a utility that allows a Role in the context (like Doc Control) the ability to create and modify Team Templates for workflows. We have another utility that lets them Reassign tasks for others. So we do have the ability to give them most of what they need but not all they want 🙂

The "sticky wicket" is context team management. How do we allow a Role to manager access to all the Roles in a given context without having context manager access. And if that is not possible, can we stop someone in the context manager role from modifying just that context manager role so they can't add others to it (snowball)?

Seems like PTC is missing this critical feature for large companies with many contexts to manage.

Here is a post form 2014 about the same issue.

https://community.ptc.com/t5/Windchill/How-to-grant-an-Owner-the-ability-to-edit-context-teams/td-p/431324

So far, PTC just points to the Actions For Roles. CS19432

HelesicPetr

22-Sapphire II

Hi @LG_10096154

Create an Idea to implement that functionality. May be in 2035 it could be available.

Or rearrange your team responsibility and use the system the way how it can be used (create own role and add the option to modify team and test it.).

Or crate an customization to do what you need.

PetrH

R

rhart

16-Pearl

You can create a custom role which can modify members of any role in the same team except manager roles.

Create a new custom role with enumcustomize, we called it PLM Team Manager. Add PLM Team Manager to existing context teams and configure the action, modify team. The PLM Team Manager can’t add themselves or anyone else to the Product Manager role.

Sign up

Please use your PTC eSupport account.

Welcome to the PTC Community

Please use your PTC eSupport account.

Scanning file for viruses.

This file cannot be downloaded