Access Policy Report

I am looking for some SQL that will output a nice Access Policy report
from PDMLink 8.0. It looks like everything is in the ACCESSPOLICYRULE
table. The problem is the EntrySet column appears encoded. What I am
trying to do is check the ACLs on about 50-60 Product areas to make sure
things are consistent. If SQL is not possible, I probably can do it via
Java code but I rather not. Its just a quickie report. I will probably
want to dump it to Excel for analysis.

Antonio,

I have a query builder report that should give you what you are looking for. I have the criteria set to only pull the contexts with the Library or Product in the name. You may need to adjust this based on your naming convention. I have embedded this report in excel to compare access across contexts and it works great.

Hope this helps,
Dax Williams
Lifetime Products

From: Villanueva, Antonio [mailto:antonio.villanueva@goodrich.com]
Sent: Thursday, June 19, 2008 2:21 PM
To: solutions@lists.ptcuser.org
Subject: [solutions] - Access Policy Report

I am looking for some SQL that will output a nice Access Policy report from PDMLink 8.0. It looks like everything is in the ACCESSPOLICYRULE table. The problem is the EntrySet column appears encoded. What I am trying to do is check the ACLs on about 50-60 Product areas to make sure things are consistent. If SQL is not possible, I probably can do it via Java code but I rather not. Its just a quickie report. I will probably want to dump it to Excel for analysis.


-----End Original Message-----

________________________________________________________________________
This email has been proactively scanned for all known and unknown viruses. This message is now certified Virus-free.
________________________________________________________________________

Thanks Dax, I was able to take what you sent and rework this into an SQL
query. See if I got this right. In my case, I am using team roles which
really are groups to the system. I do not use negative rights so I did
not need to show that. Maybe in Excel I can expand the permission mask
to a more readable form. One question, you had displayed the mask as
well as a permissions column. I only saw permissions mask in the
database. What is the difference in your report?



SELECT PDMLINKPRODUCT.NAMECONTAINERINFO PRODUCTNAME,
ACCESSPOLICYRULE.CLASSNAMEA5 OBJECTTYPE, ACCESSPOLICYRULE.STATENAMEA5
STATE, WTGROUP.NAME GROUPNAME, WTACLENTRY.PERMISSIONMASK

FROM

WTACLENTRY, WTGROUP, ACCESSPOLICYRULE, PDMLINKPRODUCT,
ADMINISTRATIVEDOMAIN

WHERE

ADMINISTRATIVEDOMAIN.IDA3CONTAINERREFERENCE = PDMLINKPRODUCT.IDA2A2 AND

ACCESSPOLICYRULE.IDA3DOMAINREF = ADMINISTRATIVEDOMAIN.IDA2A2 AND

WTACLENTRY.IDA3B3 = ACCESSPOLICYRULE.IDA2A2 AND

WTGROUP.IDA2A2 = WTACLENTRY.IDA3A3



________________________________

From: Dax Williams [mailto:dwilliams@lifetime.com]
Sent: Thursday, June 19, 2008 4:41 PM
To: Villanueva, Antonio; solutions@lists.ptcuser.org
Subject: RE: Access Policy Report



Antonio,



I have a query builder report that should give you what you are
looking for. I have the criteria set to only pull the contexts with the
Library or Product in the name. You may need to adjust this based on
your naming convention. I have embedded this report in excel to compare
access across contexts and it works great.



Hope this helps,

Dax Williams

Lifetime Products



From: Villanueva, Antonio [mailto:antonio.villanueva@goodrich.com]
Sent: Thursday, June 19, 2008 2:21 PM
To: solutions@lists.ptcuser.org
Subject: [solutions] - Access Policy Report



I am looking for some SQL that will output a nice Access Policy report
from PDMLink 8.0. It looks like everything is in the ACCESSPOLICYRULE
table. The problem is the EntrySet column appears encoded. What I am
trying to do is check the ACLs on about 50-60 Product areas to make sure
things are consistent. If SQL is not possible, I probably can do it via
Java code but I rather not. Its just a quickie report. I will probably
want to dump it to Excel for analysis.



-----End Original Message-----

________________________________________________________________________
This email has been proactively scanned for all known and unknown
viruses. This message is now certified Virus-free.
________________________________________________________________________

Antonio,
I have included a screenshot of the report. I am not using the permission mask. When I wrote the query, I believe I added it just in case the permissions column didn't give me the results I needed. We only use the permissions that are called out in the header. In excel, I perform a replace on those identifiers to the name of the permission.

Report Manager allows you to import and export the .qml files. If import is not available, set the wt/report/manager/showImportExport preference to "True". TPI 140320<https://www.ptc.com/appserver/cs/view/solution.jsp?n=/140320.htm>.

[cid:image003.jpg@01C8D2AA.89927810]

Types:

1. wt.access.AccessPolicyRule

2. wt.admin.AdministrativeDomain

3. wt.access.WTAclEntry

4. wt.inf.container.WTContainer

Joins:

1. From: Acess Policy Rule Link: Acl Entry Link From Role: Acl To Role: Entry To: WTAcl Entry

2. From: Access Policy Rule Reference: Domain Ref To: Administrative Domain

3. From: Administrative Domain Reference: Context To: Context

Selects:

1. Administrative Domain.Context Name

2. Administrative Domain.Name

3. Access Policy Rule.Selector.Type Id

4. Access Policy Rule.Selector.State Name

5. WTAcl Entry.Principal Reference.Name

6. WTAcl Entry.Permissions

7. WTAcl EntrypermissionMask

8. WTAcl Entry.Negative


From: Villanueva, Antonio [mailto:Antonio.Villanueva@goodrich.com]
Sent: Friday, June 20, 2008 6:15 AM
To: Dax Williams; solutions@lists.ptcuser.org
Subject: RE: Access Policy Report

Thanks Dax, I was able to take what you sent and rework this into an SQL query. See if I got this right. In my case, I am using team roles which really are groups to the system. I do not use negative rights so I did not need to show that. Maybe in Excel I can expand the permission mask to a more readable form. One question, you had displayed the mask as well as a permissions column. I only saw permissions mask in the database. What is the difference in your report?

SELECT PDMLINKPRODUCT.NAMECONTAINERINFO PRODUCTNAME, ACCESSPOLICYRULE.CLASSNAMEA5 OBJECTTYPE, ACCESSPOLICYRULE.STATENAMEA5 STATE, WTGROUP.NAME GROUPNAME, WTACLENTRY.PERMISSIONMASK
FROM
WTACLENTRY, WTGROUP, ACCESSPOLICYRULE, PDMLINKPRODUCT, ADMINISTRATIVEDOMAIN
WHERE
ADMINISTRATIVEDOMAIN.IDA3CONTAINERREFERENCE = PDMLINKPRODUCT.IDA2A2 AND
ACCESSPOLICYRULE.IDA3DOMAINREF = ADMINISTRATIVEDOMAIN.IDA2A2 AND
WTACLENTRY.IDA3B3 = ACCESSPOLICYRULE.IDA2A2 AND
WTGROUP.IDA2A2 = WTACLENTRY.IDA3A3

________________________________
From: Dax Williams [mailto:dwilliams@lifetime.com]
Sent: Thursday, June 19, 2008 4:41 PM
To: Villanueva, Antonio; solutions@lists.ptcuser.org
Subject: RE: Access Policy Report

Antonio,

I have a query builder report that should give you what you are looking for. I have the criteria set to only pull the contexts with the Library or Product in the name. You may need to adjust this based on your naming convention. I have embedded this report in excel to compare access across contexts and it works great.

Hope this helps,
Dax Williams
Lifetime Products

From: Villanueva, Antonio [mailto:antonio.villanueva@goodrich.com]
Sent: Thursday, June 19, 2008 2:21 PM
To: solutions@lists.ptcuser.org
Subject: [solutions] - Access Policy Report

I am looking for some SQL that will output a nice Access Policy report from PDMLink 8.0. It looks like everything is in the ACCESSPOLICYRULE table. The problem is the EntrySet column appears encoded. What I am trying to do is check the ACLs on about 50-60 Product areas to make sure things are consistent. If SQL is not possible, I probably can do it via Java code but I rather not. Its just a quickie report. I will probably want to dump it to Excel for analysis.


-----End Original Message-----

________________________________________________________________________
This email has been proactively scanned for all known and unknown viruses. This message is now certified Virus-free.
________________________________________________________________________

________________________________________________________________________
This email has been proactively scanned for all known and unknown viruses. This message is now certified Virus-free.
________________________________________________________________________

Ok. The query below works and I was able to create the following pivot
table in Excel.



You can see my Product names slanted at the top. Dax, you had the
following mapping:

Permissions [-1]=Full Control [0]=Read [1]=Modify [2]=Create [5]=Delete
[7]=Revise

I am not sure I am outputting this correct since the numbers don't make
sense. It might be that this is some binary encoding. I think it gets
funny when there is more than one right per entry.



________________________________

From: Villanueva, Antonio [mailto:antonio.villanueva@goodrich.com]
Sent: Friday, June 20, 2008 8:15 AM
To: Dax Williams; solutions@lists.ptcuser.org
Subject: [solutions] - RE: Access Policy Report



Thanks Dax, I was able to take what you sent and rework this into an SQL
query. See if I got this right. In my case, I am using team roles which
really are groups to the system. I do not use negative rights so I did
not need to show that. Maybe in Excel I can expand the permission mask
to a more readable form. One question, you had displayed the mask as
well as a permissions column. I only saw permissions mask in the
database. What is the difference in your report?



SELECT PDMLINKPRODUCT.NAMECONTAINERINFO PRODUCTNAME,
ACCESSPOLICYRULE.CLASSNAMEA5 OBJECTTYPE, ACCESSPOLICYRULE.STATENAMEA5
STATE, WTGROUP.NAME GROUPNAME, WTACLENTRY.PERMISSIONMASK

FROM

WTACLENTRY, WTGROUP, ACCESSPOLICYRULE, PDMLINKPRODUCT,
ADMINISTRATIVEDOMAIN

WHERE

ADMINISTRATIVEDOMAIN.IDA3CONTAINERREFERENCE = PDMLINKPRODUCT.IDA2A2 AND

ACCESSPOLICYRULE.IDA3DOMAINREF = ADMINISTRATIVEDOMAIN.IDA2A2 AND

WTACLENTRY.IDA3B3 = ACCESSPOLICYRULE.IDA2A2 AND

WTGROUP.IDA2A2 = WTACLENTRY.IDA3A3



________________________________

From: Dax Williams [mailto:dwilliams@lifetime.com]
Sent: Thursday, June 19, 2008 4:41 PM
To: Villanueva, Antonio; solutions@lists.ptcuser.org
Subject: RE: Access Policy Report



Antonio,



I have a query builder report that should give you what you are
looking for. I have the criteria set to only pull the contexts with the
Library or Product in the name. You may need to adjust this based on
your naming convention. I have embedded this report in excel to compare
access across contexts and it works great.



Hope this helps,

Dax Williams

Lifetime Products



From: Villanueva, Antonio [mailto:antonio.villanueva@goodrich.com]
Sent: Thursday, June 19, 2008 2:21 PM
To: solutions@lists.ptcuser.org
Subject: [solutions] - Access Policy Report



I am looking for some SQL that will output a nice Access Policy report
from PDMLink 8.0. It looks like everything is in the ACCESSPOLICYRULE
table. The problem is the EntrySet column appears encoded. What I am
trying to do is check the ACLs on about 50-60 Product areas to make sure
things are consistent. If SQL is not possible, I probably can do it via
Java code but I rather not. Its just a quickie report. I will probably
want to dump it to Excel for analysis.



-----End Original Message-----

________________________________________________________________________
This email has been proactively scanned for all known and unknown
viruses. This message is now certified Virus-free.
________________________________________________________________________



-----End Original Message-----

Antonio,
If you use the WTAcl Entry.Permissions rather than the WTAcl EntrypermissionMask, you should be able to make sense of it all. The screenshot below shows a pivot of the report. I queried wt.doc.WTDocument and replaced the Permission identifiers with the name of the permission.

[cid:image004.jpg@01C8D2AE.F6E3DD10]

From: Villanueva, Antonio [mailto:antonio.villanueva@goodrich.com]
Sent: Friday, June 20, 2008 7:59 AM
To: Dax Williams; solutions@lists.ptcuser.org
Subject: [solutions] - SUMMARY- RE: Access Policy Report

Ok. The query below works and I was able to create the following pivot table in Excel.
[cid:image001.jpg@01C8D2AD.73F8CEC0]
You can see my Product names slanted at the top. Dax, you had the following mapping:
Permissions [-1]=Full Control [0]=Read [1]=Modify [2]=Create [5]=Delete [7]=Revise
I am not sure I am outputting this correct since the numbers don't make sense. It might be that this is some binary encoding. I think it gets funny when there is more than one right per entry.

________________________________
From: Villanueva, Antonio [mailto:antonio.villanueva@goodrich.com]
Sent: Friday, June 20, 2008 8:15 AM
To: Dax Williams; solutions@lists.ptcuser.org
Subject: [solutions] - RE: Access Policy Report

Thanks Dax, I was able to take what you sent and rework this into an SQL query. See if I got this right. In my case, I am using team roles which really are groups to the system. I do not use negative rights so I did not need to show that. Maybe in Excel I can expand the permission mask to a more readable form. One question, you had displayed the mask as well as a permissions column. I only saw permissions mask in the database. What is the difference in your report?

SELECT PDMLINKPRODUCT.NAMECONTAINERINFO PRODUCTNAME, ACCESSPOLICYRULE.CLASSNAMEA5 OBJECTTYPE, ACCESSPOLICYRULE.STATENAMEA5 STATE, WTGROUP.NAME GROUPNAME, WTACLENTRY.PERMISSIONMASK
FROM
WTACLENTRY, WTGROUP, ACCESSPOLICYRULE, PDMLINKPRODUCT, ADMINISTRATIVEDOMAIN
WHERE
ADMINISTRATIVEDOMAIN.IDA3CONTAINERREFERENCE = PDMLINKPRODUCT.IDA2A2 AND
ACCESSPOLICYRULE.IDA3DOMAINREF = ADMINISTRATIVEDOMAIN.IDA2A2 AND
WTACLENTRY.IDA3B3 = ACCESSPOLICYRULE.IDA2A2 AND
WTGROUP.IDA2A2 = WTACLENTRY.IDA3A3

________________________________
From: Dax Williams [mailto:dwilliams@lifetime.com]
Sent: Thursday, June 19, 2008 4:41 PM
To: Villanueva, Antonio; solutions@lists.ptcuser.org
Subject: RE: Access Policy Report

Antonio,

I have a query builder report that should give you what you are looking for. I have the criteria set to only pull the contexts with the Library or Product in the name. You may need to adjust this based on your naming convention. I have embedded this report in excel to compare access across contexts and it works great.

Hope this helps,
Dax Williams
Lifetime Products

From: Villanueva, Antonio [mailto:antonio.villanueva@goodrich.com]
Sent: Thursday, June 19, 2008 2:21 PM
To: solutions@lists.ptcuser.org
Subject: [solutions] - Access Policy Report

I am looking for some SQL that will output a nice Access Policy report from PDMLink 8.0. It looks like everything is in the ACCESSPOLICYRULE table. The problem is the EntrySet column appears encoded. What I am trying to do is check the ACLs on about 50-60 Product areas to make sure things are consistent. If SQL is not possible, I probably can do it via Java code but I rather not. Its just a quickie report. I will probably want to dump it to Excel for analysis.


-----End Original Message-----

________________________________________________________________________
This email has been proactively scanned for all known and unknown viruses. This message is now certified Virus-free.
________________________________________________________________________


-----End Original Message-----

________________________________________________________________________
This email has been proactively scanned for all known and unknown viruses. This message is now certified Virus-free.
________________________________________________________________________

Thought I should share this to the forum in case anyone else is having an issue with the criteria.

From: Mike.Lockwood@AlconLabs.com [mailto:Mike.Lockwood@AlconLabs.com]
Sent: Friday, June 20, 2008 8:39 AM
To: Dax Williams
Subject: RE: [solutions] - RE: Access Policy Report

That did the trick.
This is great to have!

________________________________
From: Dax Williams [mailto:dwilliams@lifetime.com]
Sent: Friday, June 20, 2008 7:33 AM
To: Lockwood,Mike,IRVINE,R&D
Subject: RE: [solutions] - RE: Access Policy Report
Mike,
Look at the criteria in the report. I am guessing this is why you are only seeing 3 contexts. I have the criteria set to only pull contexts where the name contains "Library" or begins with "Products". If you remove these criteria, I bet it will return all of your contexts.
Dax
From: Mike.Lockwood@AlconLabs.com [mailto:Mike.Lockwood@AlconLabs.com]
Sent: Friday, June 20, 2008 8:10 AM
To: Dax Williams
Subject: RE: [solutions] - RE: Access Policy Report

I imported and ran it at Site level - only spits out 3 contexts??? We have a lot of ACL's at various Org levels, and about 35 Prod / Lib contexts.

________________________________
From: Dax Williams [mailto:dwilliams@lifetime.com]
Sent: Friday, June 20, 2008 7:04 AM
To: Lockwood,Mike,IRVINE,R&D
Subject: RE: [solutions] - RE: Access Policy Report
Mike,
I just added the "Object Type" and "Context Name" parameters so that I could query on those if needed. If you leave those parameters blank, it will find all.
If you want to query on the object type, you would need to enter the full name of the type (Example: wt.part.WTPart).
To query on the Context, you would just need to enter the Context Name (Case Sensitive).
Hope this helps,
Dax
From: Mike.Lockwood@AlconLabs.com [mailto:Mike.Lockwood@AlconLabs.com]
Sent: Friday, June 20, 2008 7:52 AM
To: Dax Williams
Subject: RE: [solutions] - RE: Access Policy Report
I read this with interest. Just loaded it and tried. What is the format needed for the object type and context (see below).
Is it possible to run this for all ACL's in the system for all object types and contexts at once?
[cid:image001.jpg@01C8D2B2.7F24D0F0]

Try changing the attribute from Administrative Domain Name to Context.Context Name (name) as shown in the attached screenshot. It appears that the Administrative Domain Name is not easily searchable.

[cid:image001.png@01C8D2EC.2F59D3B0]

From: Chukwuka Alexius C [mailto:ChukwukaAlexiusC@JohnDeere.com]
Sent: Friday, June 20, 2008 2:58 PM
To: Dax Williams
Subject: RE: [solutions] - RE: Access Policy Report

Hi Dax,

When I constructed the criteria as you indicated below and ran the report, it came back wiht no record. The context I am using on our system is called S350_Engines, and the object is wt.part.WTPart. This is the problem I was experiencing previously. See screen shot below.


[cid:image002.jpg@01C8D2EC.2F59D3B0]

Thanks


Alexius C. Chukwuka
IT Analyst, PDP Systems
John Deere Power Systems
Product Engineering Center
Phone: 319-292-8575;Fax:319-292-6282
Mobile: 319-429-5336
E-mail: ChukwukaAlexiusC@JohnDeere.com

CONFIDENTIALITY. This electronic mail and any files transmitted with it may contain information proprietary to Deere & Company, or one of its subsidiaries or affiliates, and are intended solely for the use of the individual or entity to whom they are addressed, shall be maintained in confidence and not disclosed to third parties without the written consent of the sender. If you are not the intended recipient or the person responsible for delivering the electronic mail to the intended recipient, be advised that you have received this electronic mail in error and that any use, dissemination, forwarding, printing, or copying of this electronic mail is strictly prohibited. If you have received this electronic mail in error, please immediately notify the sender by return mail.

Dax ,

I am getting the Permission identifiers for "WTAcl Entry.Permissions" column. How do we replace the Permission identifiers with the name of the permission?

 

Thanks,

Sanjay

You can also use the WinDU utility to generate Domain Policy Rules report. (Requires PDMLink 8.0 M040 or above for generating Domain Policies report)


Check the attached file for a sample.

 

Regards,

Prathap

In Reply to:

Dax ,

I am getting the Permission identifiers for "WTAcl Entry.Permissions" column. How do we replace the Permission identifiers with the name of the permission?



Thanks,

Sanjay

Sanjay,
We import the report into excel as a web query. From there, we perform a "Find and Replace" where we replace the permission identifiers with the name of the ACL. Those identifiers map as follows:

[-1] = Full Control
[0] = Read
[1] = Modify
[2] = Create
[5] = Delete
[6] = Administrative
[7] = Revise
[8] = New View Version
[9] = Change Permissions

Hope this helps,
Dax

From: Sanjay Sawant [mailto:sanjusawant@rediffmail.com]
Sent: Monday, June 30, 2008 8:01 AM
To: solutions@lists.ptcuser.org
Subject: [solutions] - RE: SUMMARY- Access Policy Report


Dax ,

I am getting the Permission identifiers for "WTAcl Entry.Permissions" column. How do we replace the Permission identifiers with the name of the permission?



Thanks,

Sanjay


-----End Original Message-----

________________________________________________________________________
This email has been proactively scanned for all known and unknown viruses. This message is now certified Virus-free.
________________________________________________________________________

Hi James,
Attached is a new .qml file, which has the Context joined to the Administrative Domain. I also removed the following criteria, which is why you were not getting any results when you ran the report.

Context Name Like *Library*
Context Name Like Products*
Context Name Like MANUFACTURING EQUIPMENT

I pointed out to Antonio that this criterion would need to be modified to meet the naming convention of your company. I should have just removed it to avoid confusion.

Hope this helps,
Dax

From: James.Little@corning.com [mailto:James.Little@corning.com]
Sent: Monday, June 30, 2008 10:12 AM
To: Dax Williams
Subject: Re: [solutions] - RE: Access Policy Report


Dax,

First of all, this is great stuff....thanks for submitting this to the exploder.

I tried recreating the report in Query Builder. I can get everything just as you have it with the exception of the join between the Administrative Domain and the Context with the Context as Reference. This join is not available for me. Any suggestions?

When I import your QML file and run the report, I don't get any errors, but I don't get any results either.

Thanks,

James Little
CAD Administrator
Corning Cable Systems
Keller, Texas
817-431-7678
________________________________________________________________________
This email has been proactively scanned for all known and unknown viruses. This message is now certified Virus-free.
________________________________________________________________________

I thought I had removed the Criteria filters but apparently I had not, because the file attached below works. I do appreciate your response.

Thanks,

James


Dax Williams <dwilliams@lifetime.com>


Dax Williams <dwilliams@lifetime.com>
07/01/2008 01:21 PMPlease respond to
Dax Williams <dwilliams@lifetime.com>
To
"'James.Little@corning.com'" <James.Little@corning.com>, "solutions@lists.ptcuser.org" <solutions@lists.ptcuser.org>
cc

Subject
[solutions] - RE: Access Policy Report
Hi James,
Attached is a new .qml file, which has the Context joined to the Administrative Domain. I also removed the following criteria, which is why you were not getting any results when you ran the report.

Context Name Like *Library*
Context Name Like Products*
Context Name Like MANUFACTURING EQUIPMENT

I pointed out to Antonio that this criterion would need to be modified to meet the naming convention of your company. I should have just removed it to avoid confusion.

Hope this helps,
Dax

From: James.Little@corning.com [mailto:James.Little@corning.com]
Sent: Monday, June 30, 2008 10:12 AM
To: Dax Williams
Subject: Re: [solutions] - RE: Access Policy Report

Dax,

First of all, this is great stuff....thanks for submitting this to the exploder.

I tried recreating the report in Query Builder. I can get everything just as you have it with the exception of the join between the Administrative Domain and the Context with the Context as Reference. This join is not available for me. Any suggestions?

When I import your QML file and run the report, I don't get any errors, but I don't get any results either.

Thanks,

James Little
CAD Administrator
Corning Cable Systems
Keller, Texas
817-431-7678
________________________________________________________________________
This email has been proactively scanned for all known and unknown viruses. This message is now certified Virus-free.
________________________________________________________________________
-----End Original Message-----(See attached file: ADMINISTRATIVE_Access Policy Rules by Context.qml)

Dax,

Thanks a lot for this information. It surely helps to understand the mapping for permission identifiers with name of permission.

Please refer to the attached screenshot where for the particular type it shows permission identifiers as [0, 10, 1, 11, 2] .  (Highlighted in red box)


How to interpret these double digit numbers  10,11 and 12 in the permission identifiers with respect to the below mapping?


Thanks in advance,

Sanjay 

 

 

Sanjay,
We import the report into excel as a web query. From there, we perform a "Find and Replace" where we replace the permission identifiers with the name of the ACL. Those identifiers map as follows:

[-1] = Full Control
[0] = Read
[1] = Modify
[2] = Create
[5] = Delete
[6] = Administrative
[7] = Revise
[8] = New View Version
[9] = Change Permissions

Hope this helps,
Dax

From: Sanjay Sawant [mailto:sanjusawant@rediffmail.com]
Sent: Monday, June 30, 2008 8:01 AM
To: solutions@lists.ptcuser.org
Subject: [solutions] - RE: SUMMARY- Access Policy Report


Dax ,

I am getting the Permission identifiers for "WTAcl Entry.Permissions" column. How do we replace the Permission identifiers with the name of the permission?



Thanks,

Sanjay


-----End Original Message-----

________________________________________________________________________
This email has been proactively scanned for all known and unknown viruses. This message is now certified Virus-free.
________________________________________________________________________

Sanjay,
The permissions (10,11, and 12) are not available to us in 8.0 M050. Compare the output of your report to the permissions in the policy administrator to find out what these identifiers mean.

You can also look at the "access" package in Rational Rose. The WTPermission Class should show you the mappings.

http://YourWindchillDomain/Windchill/wt/clients/library/model/cat4161adbf0321/cat336759c6031e/class33678388001c.htm<http://yourwindchilldomain/Windchill/wt/clients/library/model/cat4161adbf0321/cat336759c6031e/class33678388001c.htm>


I would be interested in hearing what you find.

Thank you,
Dax

From: Sanjay Sawant [mailto:sanjusawant@rediffmail.com]
Sent: Wednesday, July 02, 2008 3:52 AM
To: solutions@lists.ptcuser.org
Subject: [solutions] - RE: SUMMARY- Access Policy Report


Dax,

Thanks a lot for this information. It surely helps to understand the mapping for permission identifiers with name of permission.

Please refer to the attached screenshot where for the particular type it shows permission identifiers as [0, 10, 1, 11, 2] . (Highlighted in red box)

How to interpret these double digit numbers 10,11 and 12 in the permission identifiers with respect to the below mapping?

Thanks in advance,

Sanjay




Sanjay,
We import the report into excel as a web query. From there, we perform a "Find and Replace" where we replace the permission identifiers with the name of the ACL. Those identifiers map as follows:

[-1] = Full Control
[0] = Read
[1] = Modify
[2] = Create
[5] = Delete
[6] = Administrative
[7] = Revise
[8] = New View Version
[9] = Change Permissions

Hope this helps,
Dax

From: Sanjay Sawant [mailto:sanjusawant@rediffmail.com]
Sent: Monday, June 30, 2008 8:01 AM
To: solutions@lists.ptcuser.org
Subject: [solutions] - RE: SUMMARY- Access Policy Report


Dax ,

I am getting the Permission identifiers for "WTAcl Entry.Permissions" column. How do we replace the Permission identifiers with the name of the permission?



Thanks,

Sanjay


-----End Original Message-----

________________________________________________________________________
This email has been proactively scanned for all known and unknown viruses. This message is now certified Virus-free.
________________________________________________________________________


-----End Original Message-----

________________________________________________________________________
This email has been proactively scanned for all known and unknown viruses. This message is now certified Virus-free.
________________________________________________________________________

The AccessPermission class has all of the mappings. The WTPermission class is missing a few.

http://YourWindchillDomain/Windchill/wt/clients/library/model/cat4161adbf0321/cat336759c6031e/class3c437b05005d.htm


From: Dax Williams [mailto:dwilliams@lifetime.com]
Sent: Wednesday, July 02, 2008 10:31 AM
To: 'Sanjay Sawant'; solutions@lists.ptcuser.org
Subject: [solutions] - RE: SUMMARY- Access Policy Report

Sanjay,
The permissions (10,11, and 12) are not available to us in 8.0 M050. Compare the output of your report to the permissions in the policy administrator to find out what these identifiers mean.

You can also look at the "access" package in Rational Rose. The WTPermission Class should show you the mappings.

http://YourWindchillDomain/Windchill/wt/clients/library/model/cat4161adbf0321/cat336759c6031e/class33678388001c.htm<http://yourwindchilldomain/Windchill/wt/clients/library/model/cat4161adbf0321/cat336759c6031e/class33678388001c.htm>


I would be interested in hearing what you find.

Thank you,
Dax

From: Sanjay Sawant [mailto:sanjusawant@rediffmail.com]
Sent: Wednesday, July 02, 2008 3:52 AM
To: solutions@lists.ptcuser.org
Subject: [solutions] - RE: SUMMARY- Access Policy Report


Dax,

Thanks a lot for this information. It surely helps to understand the mapping for permission identifiers with name of permission.

Please refer to the attached screenshot where for the particular type it shows permission identifiers as [0, 10, 1, 11, 2] . (Highlighted in red box)

How to interpret these double digit numbers 10,11 and 12 in the permission identifiers with respect to the below mapping?

Thanks in advance,

Sanjay




Sanjay,
We import the report into excel as a web query. From there, we perform a "Find and Replace" where we replace the permission identifiers with the name of the ACL. Those identifiers map as follows:

[-1] = Full Control
[0] = Read
[1] = Modify
[2] = Create
[5] = Delete
[6] = Administrative
[7] = Revise
[8] = New View Version
[9] = Change Permissions

Hope this helps,
Dax

From: Sanjay Sawant [mailto:sanjusawant@rediffmail.com]
Sent: Monday, June 30, 2008 8:01 AM
To: solutions@lists.ptcuser.org
Subject: [solutions] - RE: SUMMARY- Access Policy Report


Dax ,

I am getting the Permission identifiers for "WTAcl Entry.Permissions" column. How do we replace the Permission identifiers with the name of the permission?



Thanks,

Sanjay


-----End Original Message-----

________________________________________________________________________
This email has been proactively scanned for all known and unknown viruses. This message is now certified Virus-free.
________________________________________________________________________


-----End Original Message-----

________________________________________________________________________
This email has been proactively scanned for all known and unknown viruses. This message is now certified Virus-free.
________________________________________________________________________


-----End Original Message-----

________________________________________________________________________
This email has been proactively scanned for all known and unknown viruses. This message is now certified Virus-free.
________________________________________________________________________

Dax,

Thanks a lot. I could get the required information in the package.

Please find the attachment for all the permission mappings with permission identifiers.

 

Thanks,

Sanjay 

 

 



In Reply to:

The AccessPermission class has all of the mappings. The WTPermission class is missing a few.

http://YourWindchillDomain/Windchill/wt/clients/library/model/cat4161adbf0321/cat336759c6031e/class3c437b05005d.htm


From: Dax Williams [mailto:dwilliams@lifetime.com]
Sent: Wednesday, July 02, 2008 10:31 AM
To: 'Sanjay Sawant'; solutions@lists.ptcuser.org
Subject: [solutions] - RE: SUMMARY- Access Policy Report

Sanjay,
The permissions (10,11, and 12) are not available to us in 8.0 M050. Compare the output of your report to the permissions in the policy administrator to find out what these identifiers mean.

You can also look at the "access" package in Rational Rose. The WTPermission Class should show you the mappings.

http://YourWindchillDomain/Windchill/wt/clients/library/model/cat4161adbf0321/cat336759c6031e/class33678388001c.htm


I would be interested in hearing what you find.

Thank you,
Dax

From: Sanjay Sawant [mailto:sanjusawant@rediffmail.com]
Sent: Wednesday, July 02, 2008 3:52 AM
To: solutions@lists.ptcuser.org
Subject: [solutions] - RE: SUMMARY- Access Policy Report


Dax,

Thanks a lot for this information. It surely helps to understand the mapping for permission identifiers with name of permission.

Please refer to the attached screenshot where for the particular type it shows permission identifiers as [0, 10, 1, 11, 2] . (Highlighted in red box)

How to interpret these double digit numbers 10,11 and 12 in the permission identifiers with respect to the below mapping?

Thanks in advance,

Sanjay




Sanjay,
We import the report into excel as a web query. From there, we perform a "Find and Replace" where we replace the permission identifiers with the name of the ACL. Those identifiers map as follows:

[-1] = Full Control
[0] = Read
[1] = Modify
[2] = Create
[5] = Delete
[6] = Administrative
[7] = Revise
[8] = New View Version
[9] = Change Permissions

Hope this helps,
Dax

From: Sanjay Sawant [mailto:sanjusawant@rediffmail.com]
Sent: Monday, June 30, 2008 8:01 AM
To: solutions@lists.ptcuser.org
Subject: [solutions] - RE: SUMMARY- Access Policy Report


Dax ,

I am getting the Permission identifiers for "WTAcl Entry.Permissions" column. How do we replace the Permission identifiers with the name of the permission?



Thanks,

Sanjay


-----End Original Message-----

________________________________________________________________________
This email has been proactively scanned for all known and unknown viruses. This message is now certified Virus-free.
________________________________________________________________________


-----End Original Message-----

________________________________________________________________________
This email has been proactively scanned for all known and unknown viruses. This message is now certified Virus-free.
________________________________________________________________________


-----End Original Message-----

________________________________________________________________________
This email has been proactively scanned for all known and unknown viruses. This message is now certified Virus-free.
________________________________________________________________________