We would like to restrict access to certain types of parts (ie restricted). We would the people that have access to this inforamtion to have access to nonrestricted parts as well since restricted and non-restricted parts often have parts in common when looking at assemblies.
There is some divergence of thought here on our Aras team. One school of thought is to create a totally new item type called restriced parts but the concern is permissions, access, running reports, etc.
Another school of thought is to make restricted parts a subset of parts item type. And the final thought is to add a field to the parts form called restricted that with some programming surrounding permssions will only allow those with access to restricted to view restricted items.
Any thoughts, tips or views?
I'm trying to do something similar. I'm intending to use a property patterned after owned_by_id to control access. The idea is that you add a property to the Part item type that allows you to select an access list from Identities. Then you just delete "All employees" from the Part permission and add your new property. The problem is that I can't figure out how the owned_by_id works. It somehow connects the Identity you choose to another identity called Owner which is on the Permission. I can't figure out how that linking is done. BUT, you can just "steal" the owned_by_id and use it for your access lists if can do without it otherwise.
Hi Nirie1
I will be doing something similar for restricted parts and documents, the first thing I will be trying is to use Classification field to identify restricted items and based on this have different Life cycle maps which can define permissions. Another line of thought was to setup different groups and permissions sets which would be project driven. On the Parts or Document forms you can add a method of selecting the project and trigger an event to set the securities base on the project .
By using a project based configuration you can easily manage the users for each group and provide the project managers with the rights to perform this maintenance function. With version 9.2 you can set the discover mode which will allow people who do not have access the ability to find the items but not open them. The only question I have at this time is does a restriction need to be on Parts or just the associated Documents. My thinking is to leave parts open and only restrict Documents.
I like the idea of using different life cycle map to set separate permission for the released stage, of the restricted document, based on classification. However, I've tried to implement that and gotten an error regarding "No items of type Document found."
Additionally, I do not know whether it is neccessary to set permission for file, since file is not directly accessible by users. This could be a challenge to set permission on file. It means that we have to build different file loading interface to accept restricted/non-restricted access.