Examples of Use Cases
Groups, Users, User Membership, and Classes
Groups: Retail, GroupA, GroupB, GroupC, GroupD
Users: retailUser, gA, gB, gC, gD, gE
Groups and user membership:
Retail group: GroupA, GroupB, GroupC, retailUser
GroupA: GroupD, gA
GroupB: gB, gE
GroupC: gC, gE
GroupD: gD
Classes in use cases:
Use Case 1
Permission: Grant read access to the Retail group on the Color type (LCSColor) and apply “All except principal.”
Result: No users have the Color type in their libraries. For example, the Color type is not accessible to retailUser and gA.
Use Case 2
Permissions:
Grant full control to the Color type to the Retail group; do not apply “All except principal.”
Deny create access to LCSColorSubtype1 to GroupA and apply “All except principal.”
Results:
gA has read and create access to the Color type and its subtypes.
gD (a member of GroupA) has read and create access to the Color type and its subtypes.
retailUser, gB, gC, and gE have read access to the Color type and its subtypes but do not have access to create LCSColorSubtype1. They have access to create LCSColorSubtype3 and LCSColorSubtype4.
Use Case 3
Permissions:
Grant full control to the Color type to the Retail group; do not apply “All except principal.”
Deny create access to LCSColorSubtype1 to GroupA and apply “All except principal.”
Deny create access to LCSColorSubtype3 to GroupB and apply “All except principal.”
Results:
gA and gD have read permission on all types but do not have create permission on LCSColorSubtype3 or LCSColorSubtype4. They do have create permission on LCSColorSubtype1 and LCSColorSubtype2.
retailUser has read permission on all the types, but has create permission only on LCSColorSubtype3.
gB has read permission on the Color type and all its subtypes, but has create permission only on Color, LCSColorSubtype3, and LCSColorSubtype4.
Use Case 4
Permissions:
Grant full control to the Color type to the Retail group; do not apply “All except principal.”
Deny create access to LCSColorSubtype1 to GroupA and apply “All except principal.”
Deny create access to LCSColorSubtype3 to GroupB and apply “All except principal.”
Deny create access to LCSColorSubtype1 to GroupB and apply “All except principal.”
Results:
gC, gA, and gD have read permission on all types but have create permission only on the Color type, not on any of its subtypes, because of the rule created on GroupB.
gB has read permission on the Color type and all its subtypes. gB has create permission only on the Color type, LCSColorSubtype3, and LCSColorSubtype4. Note that gB does not have permission on LCSColorSubtype1 even though it was granted, because it was taken by the prior grant on GroupA.
Use Case 5
Permissions:
Grant create access to LCSColorSubtype1 to retailUser, gA, gB, gC, gE, and gD.
Deny create access to LCSColorSubtype2 to gA.
You cannot use the “All except principal” rule in LCSColorSubtype2 for GroupA. Instead, you need to explicitly deny the access. This solves the issue in Use Case 4 where gB cannot access a group.
Use Case 6
Permissions:
Grant full control to the Color type to the Retail group; do not apply “All except principal.”
Deny create access to LCSColorSubtype1 to GroupD and apply “All except principal.”
Results:
gA, gB, gC, gE, and retailUser have read permission on the Color type and create access on only LCSColorSubtype3 and LCSColorSubtype4.
gD has read and create permission on the Color type and all its subtypes.
Use Case 7
Permissions:
Grant full control to the Color type to the Retail group; do not apply “All except principal.”
Deny create access to LCSColorSubtype1 to GroupC and apply “All except principal.”
Results:
gC and gE have read and create permission on the Color type and all its subtypes.
gA, gB, gD, and retailUser have read permission on the Color type and create access on only LCSColorSubtype3 and LCSColorSubtype4.
Use Case 8
Permissions:
Grant full control to the Color type to the Retail group; do not apply “All except principal.”
Deny create access to LCSColorSubtype1 to GroupC and apply “All except principal.”
Deny create access to LCSColorSubtype1 to GroupB and apply “All except principal.”
Results:
gD and gA have read permission on all types but do not have create access for LCSColorSubtype1 and LCSColorSubtype2. gD and gA have create access on LCSColorSubtype3 and LCSColorSubtype4.
retailUser, which is in the parent group Retail, does not have create access to LCSColorSubtype1 and LCSColorSubtype2.
gB and gC have read permission on the Color type and create access on only LCSColorSubtype3 and LCSColorSubtype4.
gE has read permission on the Color type and all its subtypes.
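The following added example (not PTC FlexPLM code) resolves the nested group membership listed at the top of this page and computes which users an “All except principal” rule targets, which is the step that drives Use Cases 1, 2, 6, and 7. It assumes the option simply inverts the target set; the function names are hypothetical, and subtype inheritance is not modeled because the class hierarchy is not shown on this page.

```python
# Added example: models rule targeting only, not PTC FlexPLM's own evaluation code.
# Group and user names are the ones listed on this page.
GROUPS = {
    "Retail": ["GroupA", "GroupB", "GroupC", "retailUser"],
    "GroupA": ["GroupD", "gA"],
    "GroupB": ["gB", "gE"],
    "GroupC": ["gC", "gE"],
    "GroupD": ["gD"],
}
USERS = {"retailUser", "gA", "gB", "gC", "gD", "gE"}


def effective_users(principal, _seen=None):
    """Users reached from a principal through nested group membership."""
    seen = set() if _seen is None else _seen
    if principal in USERS:
        return {principal}
    if principal in seen:          # guard against cyclic group nesting
        return set()
    if principal not in GROUPS:
        raise KeyError(f"unknown principal: {principal}")
    seen.add(principal)
    members = set()
    for child in GROUPS[principal]:
        members |= effective_users(child, seen)
    return members


def rule_targets(principal, all_except_principal):
    """Users a rule applies to (assumed model: the option inverts the target set)."""
    inside = effective_users(principal)
    return USERS - inside if all_except_principal else inside


def denied_users(deny_rules):
    """Union of targets over several (principal, all_except_principal) deny rules."""
    denied = set()
    for principal, inverted in deny_rules:
        denied |= rule_targets(principal, inverted)
    return denied


if __name__ == "__main__":
    # Use Case 1: every user is inside Retail, so the inverted grant reaches nobody.
    print(sorted(rule_targets("Retail", True)))
    # Use Case 2: the deny on LCSColorSubtype1 lands on everyone outside GroupA.
    print(sorted(rule_targets("GroupA", True)))
```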