I am learning ACL.
I got confused by them.
My questions is
if the workflow ACL shows that Write access is prohibited and in the ACL tree Write Access is not prohibited, which one is applied to object?
I am trying to create ACL, but when I make the sisutation where Write access is prohibited in WF designer, always user have write access to the target object.
i don't know why....
Could you tell me how to use WF ACL with example?
Solved! Go to Solution.
Foe example, I would like to make the situation where the users can do the check-out and check-in to the object which is in WF.
In that case, how do I do that?
Sorry for the many post from my side.
In addition to that, in theACL controle list, Doing check-in and check-out is not prohibited because of ACL wf. But when I look at acl extra dialog, Doing check-in and check-out is not prohibited because of ACL tree (In Job(true)/Has Class(POM_object)).
What is the difference?
I am creating wf ACL which shows that Doing check-out and check-in is accessble to the object which is in WF.
But it is not working.
Could you tell me the way to fix the error?
To answer your earlier query: you could imagine that the Workflow ACLs are triggered at In-job tree node when system ACLs are evaluated. Upper level nodes in the tree have higher precedence than the lower level ones. I am not describing the rest of AM tree evaluation as it is best to read them in GTAC docs.
Can you share a screen grab of your workflow ACL? It will help us understand your query.
Thank you for the reply.
Now I set the WF ACL from workflow designer and I set the ACL for the user to do check-out and check-in to the target object . Actually I did not set the ACL from AM tree.
So in this case, since there is no ACL setted from workflow designer in AM tree. How do I check precedence of AM tree and workflow ACL?
I can understad your explanation below.
"ACLs are evaluated. Upper level nodes in the tree have higher precedence than the lower level ones."
You can check the precedence as you did previously: right click the object (object which is in an active workflow process) in My Teamcenter and select access...--> click on the padlock button (I do not have TC open in front of me...so I may be wrong...it is the 2nd button on the bottom right side of the dialog) and observe the precedence/judgment TC has made after combining workflow ACL and System ACLs.
In your case, you may want to specifically deny world write and modify access (using workflow ACL) to prevent check-in/check-out
Ok, and I found that wf acl is applied to In Jon() which is in ACL tree.
And Is it possible to attach ACL to the object based on the status?
I guess in this case I need to create WF ACL on the task, is it correct?
You can add HasStatus() and HasType() to the regular ACL, since the work-flow ACL is only active while the object is inside the work-flow.
Work-flow ACL is applied to the object when it is added to a work-flow and it is removed when the object is removed from the work-flow.
If you need persistent ACL, then you need to create a regular ACL entry.
Production: NX10.0.3, VERICUT 8.1, FBM, MRL 3.1.7 | TcUA 10.1 MP7 Patch 0 (10.1.7.0) | TcVis 11.4
Development: C (ITK), .NET, Tcl/Tk Testing: NX12.0 | AWC 3.4 Preparing: NX12.0
Employees of the customers, together we are strong ;)
How to Get the Most from Your Signature in the Community
NX Customization - Best Practice Guide