This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SUPPORT Q&A - Permission based on Class Structure

mmukesh - Thursday, April 23, 2009 10:39 AM:

Hi,

Could it be possible to have different permissions for one single Item type based on the class structure?

For example, if item type is "Document" consisting of class structure like <Document ->  Specifications> < Document -> Case Studies>.

"User 1" has read only access to "Case Studies" and no access to "Specifications"

Similarly, "User 2" has read only access to "Specifications" and  no acces to "Case Studies".

Please advise.

Cheers

MK



RobMcAveney - Thursday, April 23, 2009 12:47 PM:

Hi mmukesh, and welcome.  There are a couple ways to accomplish this, but the easiest is to use separate Life Cycle Maps for the two classes and implement State Permissions.  This is a new feature in Aras Innovator 9.1.  To use it:

  1. Create a new Permission item (e.g. "New Case Study") with whatever Access privileges you wish.
  2. Create a new Life Cycle Map (e.g. "Case Study") with whatever States and Transitions you want.  You could even just do a Save As on the Document Life Cycle Map if it will be mostly the same. Then go to the Start State of your new Life Cycle Map and set the State Permission field to the Permission you just created.
  3. Edit the Document ItemType and add a new Life Cycle relationship to your Life Cycle Map.  Set the Class Path to the class you want to have different Permissions (e.g. Case Study)
  4. Create a new Document item, set its Type field to the class (e.g. Case Study) and save.  Then go to Views->Permissions->View and you should see that the item has the new Permission.  Note: there is a display issue in the View->Permissions menu and it may display the wrong Permission name.  This is a display-only problem and I have already reported it.

If you don't want to create a separate Life Cycle or if you are using an older version, there are programmatic ways to accomplish class-based Permissions as well, but the above is the suggested method.

Rob



mmukesh - Friday, April 24, 2009 6:51 AM:

Thanks Rob,

We are using ARAS v 9.0.1 Build 5430.

Query on Step 3: How to add a new Life Cycle Relationship to Life Cycle Map? There seems no option available.

Cheers

MK



RobMcAveney - Friday, April 24, 2009 10:25 AM:

Class-based Life Cycle is a new feature in 9.1, so that option won't be available in 9.0.1.  Class-based permissions are still possible in 9.0.1, but it would require writing method code.  Are you comfortable with programming?  If not, I would suggest getting in contact with Aras services about either implementing the feature for you in 9.0.1 or upgrading to 9.1.

Rob



francissdo - Tuesday, August 31, 2010 5:21 PM:

What am I missing?  I am getting an error saying that "No items of type Document found" when trying to create new item with sub-type. 

As a test to discover AI functionality, here is what I did:

Setup process:

1. Create a new DLC with one state, start (released) and call it "Restricted Document Life Cycle" or RDLC.

2. Create "Restricted Access" Permission.

3. Create "Special Access Privilege", a non-alias identity.

4. Create "Special Readonly Access Privilege", a non-alias idenity.

5. Assign "Special Access Privilege" to "Restricted Access" permission and set it to have the ability to "Get", "Update", "Delete", "Can Discover", and "Can change access".

6. Assign "Special Readonly Access Privilege" to "Restricted Access" permission and set it to have the ability to "Get", "Can Discover".

7. Assign alias identity (or users) to each group, the "Special Access Privilege" and the "Special Readonly Access Privilege".

8. Adding RDLC to Document type with classification "Restricted Document".  Restricted document class is an inherited class from the out-of-the-box Document (i.e., Document > Restricted Document).

9. Log in as one of the "Special Access Privilege" group (role) member and create new Document with type (or classification) "Restricted Document".