cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - When posting, your subject should be specific and summarize your question. Here are some additional tips on asking a great question. X

WGM should report exactly the files, on which Users have no access, but not reports all files.

YL_10276219
5-Regular Member
5-Regular Member
‎Apr 26, 2024 05:35 AM
‎Apr 26, 2024 05:35 AM

WGM should report exactly the files, on which Users have no access, but not reports all files.

Scenario: Add to workspace of the structure of Solidworks. User has no download right of one file from 100 files. 

currently the error message won't show on which file exactly the user has no access. but shows much more files, on which the user has access.

 

even "work as designed", but it makes the support not possible.

Article - CS131433 - Download content fails during Add to Workspace in Windchill PDMLink if the user does not have access to download all the files involved in the operation (ptc.com)

Labels:
Notify Moderator
4 REPLIES 4
jbailey
17-Peridot
17-Peridot
(To:YL_10276219)
‎Apr 26, 2024 07:24 AM
‎Apr 26, 2024 07:24 AM

I had a call on this topic with PTC last year and will be submitting a community idea. The problem here is that you can't give up too much information about the item the person doesn't have access to, because maybe they are not supposed to know anything about it.

 

For example, Let's say that person was not a US citizen, and the component was ITAR or EAR - and protected by a security label. In that case, that person isn't legally allowed to see that item. The problem in this case about letting someone know that the file exists (and metadata about it) may tell that person too much about the item.

 

From the discussions I had with Product management on this issue... Windchill looks first if you have access to something, if you do not you get the generic <Secured Access> error and Windchill stops there.  It doesn't matter if you don't have access because the item is a working copy in someone else's workspace, because you are not part of the team, because it has a security label you don't have access to etc - at that point, Windchill doesn't know anymore information to tell you, because it stopped when it determined you don't have access. What makes it worse, the detailed logs on the back end generally don't contain any more info than the person doesn't have access to something

 

The idea I will be submitting when I get time will be for the UI to throw a more specific error like <Secured Action - You have attempted to access a file which is (Insert generic detailed error here)> where the generic error might be something like:

  • Security Labeled and you do not have access to <security label value>'d items Please contact your administrator
  • In a context you are not a team member of. Please contact your administrator

And to provide detailed MS logs on the back end that tell the ADMIN what the specific item is so it is quick for the admin to identify the root cause and send the user in the right direction to get it fixed.

 

Notify Moderator
YL_10276219
5-Regular Member
5-Regular Member
(To:jbailey)
‎Apr 26, 2024 07:39 AM
‎Apr 26, 2024 07:39 AM

Hello jbailey,

thank you for the information.

I can unterstand the thinking behind it. 

but currently our issue is, that WGM reports something on which user has access. (instead of general message - no access). It means, user / supporter gets wrong message instead of general message.

your idea is good, maybe we can also ask like that "if the user has Read right for meta data, then the error message should show exactly the file name" - it's the case at us; if not meta data read right, then general message

thanks again for your feedback.

0 Kudos
Notify Moderator
jbailey
17-Peridot
17-Peridot
(To:YL_10276219)
‎Apr 26, 2024 07:42 AM
‎Apr 26, 2024 07:42 AM

Yeah, that's what I am thinking. In the security label example, the user also can have access. We run into this specific issue when someone tries to change a security label to something they do have access to, and are authorized to change the label value... however there is a working copy of an item in someone else workspace (which the user does not have access to) and the user has no way to know about that working copy. I am wondering if that is the issue you are facing, that there is some sort of working copy of an object being referenced

0 Kudos
Notify Moderator
YL_10276219
5-Regular Member
5-Regular Member
(To:jbailey)
‎Apr 29, 2024 02:24 AM
‎Apr 29, 2024 02:24 AM

about the working copy I tested with one test user who has no access to only 2 files. which should not have any working copy (newly rehosted). and we don't change / use security lable, some issue... 

0 Kudos
Notify Moderator
Top Tags