Folder-based Security in EPDM

folders The EPDM Security model for folders is similar, but not identical to folder security in Microsoft Windows.  Folder access does have the standard read/write permissions as well as a laundry list of granular check boxes that help the EPDM Administrator control visibility and change access to the files inside a folder and even changes made to the folder itself.

There are two folder permission tabs within EPDM when you setup Group Permissions as they relate to the vault.  The first tab “Permissions Per Folder” operates like this:  permissions given at the specific folder you select WILL be inherited by the sub-folders underneath it automatically.  Giving someone permission for any action or event at the top-level folder will grant them that same permission at all the other levels.  Similarly restricting permission at the top level will restrict that permission at all other lower levels.  The view within the permission window easily displays this by showing the “+” boxes next to each folder so that you can expand them down and see what is underneath.

The second tab “Assigned Folder Permissions” is best used to view the setup you performed in the first tab.  It was explained as follows by a SolidWorks corporate insider: the two tabs are simply two ways of assigning or viewing permissions.

The “permissions per folder” tab allows you to navigate a folder tree and set explicit permissions, however, you will only see the permissions for the folder you select in the tree.  This one is best used when setting up permissions.   

The “assigned folder permissions” tab allows you to view a list of the various folders to which you have assigned explicit permissions.  This one is best to use to get an overview of permissions already set.

So the difference is basically the way you display the permissions. Either clicking through the folders one-by-one in the “permissions per folder” tab or viewing all of the permissions in the “assigned folder permissions.”

Note that you will not see the “inherited” permissions from a group membership if you view a user profile card and the “assigned folder permissions.” It will only list “explicit” permissions set for that user (or group if you are viewing the group card).

Share and Enjoy:
  • Digg
  • Facebook
  • del.icio.us
  • Google Bookmarks
  • LinkedIn
  • Mixx
  • MySpace
  • NewsVine
  • Ping.fm
  • Sphinn
  • StumbleUpon
  • Technorati
  • Twitter
  • Yahoo! Buzz
  • Print
  • email
  • RSS

Tags: , , , ,

Read more posts by Daniel Rohats

This entry was posted on Tuesday, June 30th, 2009 at 10:51 am and is filed under Product Data Management, Technical Tips. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “Folder-based Security in EPDM”

  1. Oleg said:
    July 1st, 2009 at 2:21 am

    In my view folder, project and other type of security is just compromises in ability of the system to manage data securely. This is ok, until it will not create side effects (and specially in usability). In my view tagging is something very useful, but not very aligned to folder/project and other structured security models. In the end, I want to say – this objects (or whatever other granular entity )access models is …. Just my 2ct. Oleg

  2. Daniel Rohats said:
    July 6th, 2009 at 7:19 pm

    Oleg, I agree that the project/folder based security is imperfect in many ways. As you stated this is a compromise security model and is what we have to work with at the time. A “tag” based model would be useful as well, but you would have to have a limited or administered set of tags in the system or else it could easily get out of control. Perhaps that is an enhancement request we could both make to SW corp. to add that into a future release of the software.

Leave a Reply




Message: