Cancel
Showing results for 
Search instead for 
Did you mean: 

object acl

Creator
Creator

Hello,

 

I have a problem with OBJECT ACL. I have a form. The role "Structural Designer" and the role "Weight Specialist" have write access to the form. When I revoke write access of "Structural Designer" with using teamcenter interface, OBJECT ACL, write access of "Weight Specialist" is revoked, too. However, these roles are different and non-related roles. In my structure there is no relation between roles. Anybody has an idea what can cause this problem ?

 

Thanks in advance.

4 REPLIES 4

Betreff: object acl

Solution Partner Legend Solution Partner Legend
Solution Partner Legend

Try to get rid of object ACL!

IMHO most of the installations using ACLs within the Ruletree definition. It is mainly configured on accessor Group or Role.

Michael
Teamcenter UA | NX CAD

Betreff: object acl

Creator
Creator

Hello,

 

In a workflow, I need to revoke write access of role that approves after approval because approve means that design or form is completed so there is no need for write access and I do that with OBJECT ACL. Thats why I use. 

 

Thank you.

Gökhan.

Betreff: object acl

Solution Partner Legend Solution Partner Legend
Solution Partner Legend

But even then, Object ACLs are the wrong approach. Please familiarize with TC access management.

 

Rules-based protection is the primary security mechanism.

• Controlling access to data on a global basis.
• Determining whether a user has permission to view or perform an action on an object.
• Filtering data according to the attributes of the data.
• Granting privileges to the data according to the users' IDs and their session context (the group and role they used to log on).

Rules are defined by a combination of:
• A condition.
• A value for the condition.
• An access control list (ACL) that grants privileges to accessors.
The condition and value identify the set of objects to which the rule applies; the ACL defines the privileges granted to users (accessors).

 

In General:

TC objects which have not status object are controlled by the 'working' ACL.

TC objects which have a status object (released objects) are controlled by the 'vault' ACL.

 

In case of workflow: a workflow ACL has an higher priority as working or vault ACL. Means if you define workflow ACL overrides the rule tree definition - if the workflow is still active. E.g. if you set the workflow ACL 'vault' after the approval task, nobody has write access to the target objects. And after the workflow is finished, the 'vault' ACL is valid anyway - because all your released objects have a released status.

 

 

Michael
Teamcenter UA | NX CAD

Betreff: object acl

Creator
Creator

Hello,

 

I solved the problem with changing TC_authorization_mode preference. It is default On but I turned it Off.

 

Thank you guys.