Cancel
Showing results for 
Search instead for 
Did you mean: 

Workflow ACL

Siemens Creator Siemens Creator
Siemens Creator

Hello Guys...

How can I set a ACL to grant write access on specific dataset only to a RIG (role in group) at one specific Workflow task.

I don't know if I've to set this ACL at workflow task or at Access Manager and some tip in how to do.
Thanks

12 REPLIES 12

Betreff: Workflow ACL

Solution Partner Legend Solution Partner Legend
Solution Partner Legend

Something like this?

280901.png

 

280902.png

In this workflow step, move all objects do not want to grant access to reference folder.

 

Michael
Teamcenter UA | NX CAD

Betreff: Workflow ACL

Phenom
Phenom

What @Michael_Ruhnke has described is correct.  However, all workflow ACLs persist from when they are set to either the end of the workflow or until another ACL is set.  Good practice is to to set the write access ACL and then on the task after this set another ACL that sets simple read access for a user or group.  For example, owning user or world read access.

 

Rich

Richard Bennett
Prospect PLM

Re: Workflow ACL

Siemens Creator Siemens Creator
Siemens Creator

Thanks gurus...

I've created some rules bellow to In Job rule and it works... 

but may appear that your suggestion works better... 

 

Re: Workflow ACL

Solution Partner Legend Solution Partner Legend
Solution Partner Legend

Never add any rule directly in the "In Job(true)"-branch of the rule tree!

Workflow ACL must be added to desired tasks within the workflow designer only.

 

280903.png

Michael
Teamcenter UA | NX CAD

Re: Workflow ACL

Siemens Creator Siemens Creator
Siemens Creator

Ok... But at workflow ACL I can't use Has Type or something like that, right?

So your suggestion is put the others objects at References and let with Targets only what I want to grant access... that's it?

Re: Workflow ACL

Phenom
Phenom

@Michael_Ruhnke I wouldnt say never add to main rule tree... There are scenarios where this is necessary...

@mundim Workflow ACLs are the usual place to control access in a workflow, rather than the main rule tree. Shuffle your attachments from Target to Reference using condition task with -reference option, or depending on what version of TC you have you can use the handler epm-move-attached-objects.

 

The downside of workflow ACL is that it only applies to Targets, so when you move objects to the references folder they are no longer flagged as being In Process, so if they are WIP they can be put into other workflows or modfified as per the access granted in the main rule tree.  A workaround is to apply a temporary status to objects when entering the workflow, and then applying an ACL in the main rule tree for that status.

 

Rich

Richard Bennett
Prospect PLM

Re: Workflow ACL

Solution Partner Legend Solution Partner Legend
Solution Partner Legend


@ProspectPLM   IMHO this branch of the main rule tree is not under evaluation. So, even if you add a rule to this "in Job"-branch it is useless. I'm wrong?

Michael
Teamcenter UA | NX CAD

Re: Workflow ACL

Legend
Legend

Well, I think that's part correct and part incorrect. This is based on my understanding (I have not verified it)

 

InJob(true) branch is simply a place holder. This is the location where Workflow ACL (applied using ootb handler) is evaluated

 

If you add any entries under this branch, then those entries will not be evaluated.

---

Thanks and Regards

Yogesh Fegade

Re: Workflow ACL

Phenom
Phenom

I have tested @Michael_Ruhnke & @fegade-sot and it works.  I created a branch under In Job for ItemRevision.  I then put an ItemRevision in a workflow with no ACL.  Displaying the extra protection shows the rule being applied:

Capture.JPG

Richard

Richard Bennett
Prospect PLM