There was a change in the way files are "locked" by Items in 2010.
You will notice the ability to create an Access Control List (ACL) in
the Item area of the administration dialog. This ACL will be applied to
the file as an override to the folder security. It is not a combination
of the two it is a complete override. When the Item is release the
override ACL will be applied, when the item moves out of a released
state the override ACL will be removed and the file will have the ACL
provided by the folder.
We made this change for several reasons.
1. We had two different security models in the past (file lock and
folder ACL). This was confusing for the user and difficult for us to
maintain.
2. The new Item ACL provides more flexibility. It is no longer just
locked or unlocked. It can be different for different users.
3. We did this to make Items compatible with the new file lifecycle
system. They both use the same override ACL functionality.
- Mikel
-----Original Message-----
From: andrzej.barys@telzas.com.pl [mailto:andrzej.barys@telzas.com.pl]
Posted At: Friday, February 05, 2010 3:58 PM
Posted To: autodesk.productstream
Conversation: Problem with access rights after upgrade PS2009 to VM2010
Subject: Problem with access rights after upgrade PS2009 to VM2010
After upgrade PS2009 to VM2010 we have very big problem with access
rights to files linked to items, with "Released" state. VM2010 does
not see no access rights (set for directories in Vault) to files linked
to items, which are "Released".
Explanation:
The problem occurred during the upgrade from Productstream 2009 to
Autodesk Vault Manufacturing 2010. The data in the database are
available through the Administration Module or by giving permissions
to the directory created in Vault Explorer.
The database files are attached to items. These items have status
"Released" .
If user X has no access to a subdirectory, then he should not be able
to read, write, or delete this files from that subdirectory.
Unfortunately it is not work properly.
User X cannot see the directory in the "Vault Explorer," but knowing the
file name can look it up through the "Find" and open through the "View
in Window"
Also in "Item Master" user X can see the items and see the files that
are linked to this items.
With the web browser based client user X can also see and download
forbidden files to his local disk.
To sum up: Although the user X has no access rights to a subdirectory,
he can see data that are not allowed for him.
Regards
Andrzej Barys