Permissions

Message 1 of 6

Anonymous
Not applicable

Another Roles and Permissions question here,

 

We have many documents, drawings, etc., that we would not like visible to the outside customer groups we have created that have access to our vault. Many of the folders we would not like them to have read access to have been selected and denied, yet when a new folder is created they are immediately granted readable access.

 

After creating the folder you can easily select it and deny read access to these groups, but only at the administrative level. Now my question is: would it be possible to override some of the permissions for a particular role to disallow readable access to all parent and sub folders in vault except those we allow access to? It is much easier to contact our department with admin rights to allow access to one new folder than to contact them to disallow customer access to hundreds of folders.

0 Likes
Message 2 of 6

Neil_Cross
Mentor

Not really. If you deny a group read rights to the parent level, they can't see the sub folders even though they have read rights to those... I'm sure you've tried that though. They'd need read rights to the parent folder, else it blocks their ability to see anything underneath.

Am I on the right track there? Or are you talking about something different?

 

0 Likes
Message 3 of 6

Anonymous
Not applicable

Thank you for the response,

 

The problem is more about the sub folders. Say we have a parent folder with three subfolders. We want customers to have readable rights to two of those three subfolders, so we have our IT department with Admin privileges disallow readable access to said third folder. Now if anyone in the company adds a fourth subfolder they immediately gain readable access to this fourth folder, although we only want them to have readable access to the initial two.

 

This is easy to do when only one subfolder is created, but when we gain new projects regularly and new folders are constantly created, it becomes a large hassle to select every single newly created sub folder and deny access. It would be much easier if they had denied readable access from the start and we gave them readable access to the few folders that are necessary.

 

From what I have gathered, I essentially need to be able to alter the permissions given to the roles, but that is not a current feature of Vault if I understand it correctly.

0 Likes
Message 4 of 6

loesche1
Enthusiast

Hello nmcmillian!

 

We're working with Vault Pro 2015 and decided to handle the folder access via Folder-Lifecycles. The initial state allows access for all user groups that got the permissions to this folder category. Then we have states that restrict the access by special user-groups. This allows the end-users to change the access-permissions on their own.

This will only work if you don't have a too complex combination of user group accesses, because you will need a state for every combination. At the moment this can be handled in our scenario.

 

Best regards,

Lars

 

0 Likes
Message 5 of 6

minkd
Alumni

When you create a child folder it inherits the security of its parent folder.

Files also inherit their security from their parent folder.

 

However, if the file or folder has a lifecycle definition and its initial state applies security to the folder or file, then that security will override what is inherited from the parent. Likewise, the same thing occurs if you change the lifecycle state of a folder or file to one that applies security.

 

-Dave



Dave Mink
Fusion Lifecycle
Autodesk, Inc.
0 Likes
Message 6 of 6

Anonymous
Not applicable

As a precursor, I will say that I don't personally believe that Vault is well suited to bringing customers in. Its security model isn't quite advanced enough to make it a robust and reasonable process to keep things up to date.

 

That being said, if there isn't any overlap (i.e. a customer has access to its folders and only its folders; there is not a situation where a customer may have access to their folders and some other customers' folders), you could create a folder lifecycle for each of your customers. Then you could have a category for each customer that could be assigned to the folders, which would assign the lifecycle definition, which would, in turn, assign security.

 

If your needs are more complicated than that, it is probably still possible but it will get hairy quickly. You would need a lifecycle definition with a state for each of the combinations of access that would be required. Not fun.

 

This would still require that the categories be assigned to each one (although you could multi-select them and assign multiple at the same time). Upon creation, a folder takes on the access control list of its direct parent. This means that because the overall project folder doesn't contain all of the required security, there is no way that the child folders can automatically contain that information.

0 Likes
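
The behaviour described across the replies (a new folder copies its parent's ACL, a lifecycle state that applies security overrides the inherited ACL, and a deny on a parent hides everything beneath it) can be modelled in a few lines. This is an added example, not part of any post above and not Vault's API; the class, function, folder, group and category names are all hypothetical, and it assumes that a group missing from an ACL has no read access and that a child copies its parent's effective ACL.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Folder:
    name: str
    parent: Optional["Folder"] = None
    acl: dict = field(default_factory=dict)   # group -> True (read) / False (deny)
    state_acl: Optional[dict] = None          # security applied by a lifecycle state

    def effective_acl(self) -> dict:
        # A lifecycle state that applies security overrides the inherited ACL.
        return self.state_acl if self.state_acl is not None else self.acl

def create(name, parent, state_acl=None):
    # On creation a folder takes a copy of its direct parent's ACL
    # (assumption: the parent's effective ACL is what gets copied).
    return Folder(name, parent, dict(parent.effective_acl()), state_acl)

def can_read(folder, group):
    # Read is needed on the folder and on every ancestor;
    # a missing entry is treated as no access (assumption of this model).
    node = folder
    while node is not None:
        if not node.effective_acl().get(group, False):
            return False
        node = node.parent
    return True

def exposed_by_inheritance(folders, group):
    # Audit: folders the group can read that carry no lifecycle security of their own.
    return [f.name for f in folders if f.state_acl is None and can_read(f, group)]

# Constructed sample tree and group names.
root = Folder("Projects", acl={"Engineering": True, "CustomerA": True})
shared = create("Shared", root)
internal = create("Internal", root)
internal.acl["CustomerA"] = False            # the manual admin deny from the thread
late = create("NewProject", root)            # created later, nobody denied it
# Hypothetical category -> lifecycle initial-state security mapping.
CATEGORY_SECURITY = {"Internal": {"Engineering": True},
                     "CustomerA": {"Engineering": True, "CustomerA": True}}
guarded = create("NewProject2", root, CATEGORY_SECURITY["Internal"])
```

`exposed_by_inheritance` is the review step: anything it lists is readable by the customer group only because nobody assigned a category, which is the set an administrator would need to check after new project folders appear.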