CustomSecurityLabel element
The CustomSecurityLabel element contains the data for defining a custom security label, the authorized participant for the custom security label values (if not all users), the agreement type (if any) associated with the custom security label values, and various mappings used by applications and services to process custom security labels. There should be one CustomSecurityLabel element for each custom security label you configure. For example:
<CustomSecurityLabel name="THIRD_PARTY_PROPRIETARY" enabled="true">
<SecurityLabelResourceKey>WCTYPE|wt.access.SecurityLabeled~SCA|
THIRD_PARTY_PROPRIETARY</SecurityLabelResourceKey>
<CustomSecurityLabelValues>
<UnrestrictedPrincipal>
<ufid>cn=Employees,cn=Public,ou=people,cn=AdministrativeLdap,
cn=Windchill_10.1,o=ptc|Ldap.ptcnet.ptc.com|
Ldap.ptcnet.ptc.com</ufid>
<evaluatorClass>
com.ourcompany.CustomEvaluator
</evaluatorClass>
</UnrestrictedPrincipal>
<TranslatorClass>
com.ourcompany.CustomTranslator
</TranslatorClass>
</CustomSecurityLabelValues>
<SecurityLabelParameter>THIRD_PARTY_PROPRIETARY</SecurityLabelParameter>
</CustomSecurityLabel>
<SecurityLabelResourceKey>WCTYPE|wt.access.SecurityLabeled~SCA|
THIRD_PARTY_PROPRIETARY</SecurityLabelResourceKey>
<CustomSecurityLabelValues>
<UnrestrictedPrincipal>
<ufid>cn=Employees,cn=Public,ou=people,cn=AdministrativeLdap,
cn=Windchill_10.1,o=ptc|Ldap.ptcnet.ptc.com|
Ldap.ptcnet.ptc.com</ufid>
<evaluatorClass>
com.ourcompany.CustomEvaluator
</evaluatorClass>
</UnrestrictedPrincipal>
<TranslatorClass>
com.ourcompany.CustomTranslator
</TranslatorClass>
</CustomSecurityLabelValues>
<SecurityLabelParameter>THIRD_PARTY_PROPRIETARY</SecurityLabelParameter>
</CustomSecurityLabel>
The name attribute of the CustomSecurityLabel element is the string that is stored in the database for this security label, in this case, THIRD_PARTY_PROPRIETARY. For this custom security label to be available in your Windchill solution, the enabled attribute must be set to true. This name value does not generally show in the user interface; the display name for this security label was defined in the <Windchill>/wtcustom/wt/access/accessModelRB.rbinfo file previously.
 |
Keep the name attribute of the CustomSecurityLabel element and the internal custom label values as short as possible. You can use the TranslatorClass element to reduce the size of the internal values stored in the database. For more information, see ../customization/WCCG_Serv_SecurityLabels_CustomSLConfigImpl.html.
|
The SecurityLabelResourceKey element represents the resource key for the label, and is specified in the following format:
WCTYPE|wt.access.SecurityLabeled~SCA|<SECURITY_LABEL>
where <SECURITY_LABEL> is the value of the name attribute on the CustomSecurityLabel element. This resource key must be present in the accessModelRB.rbinfo resource file edited previously.
 |
Even if security labels are globally disabled, the security label resource keys specified in the configuration file must exist in the accessModelRB.rbinfo for the method server to start.
For more information on disabling security labels, see Disabling Security Labels and Values.
|
The CustomSecurityLabelValues element can have a single UnrestrictedPrincipal subelement, which specifies the authorized participant for the security label values. If the UnrestrictedPrincipal subelement is omitted, all users are cleared for access to objects with the custom label values.
The UnrestrictedPrincipal element can have a ufid subelement. The Unique Federation Identifier (UFID) or WTPrincipalReference, specifies a participant, which can be a user, user-defined group, or organization. The UnrestrictedPrincipal element can also have an evaluatorClass subelement, which specifies the evaluator class created in Step 3. Create a Custom Java Evaluator Class. The ufid subelement and the evaluatorClass subelement can either be used together or individually under the UnrestrictedPrincipal element.
For more information about the differences between using a ufid subelement, an evaluatorClass subelement, or both, see ../customization/WCCG_Serv_SecurityLabels_CustomSLConfigImpl.html.
The UnrestrictedPrincipal element can optionally have an AgreementType subelement. An agreement can be used to grant temporary clearance to users who are not authorized participants for the security label values. The content for the AgreementType element is specified in the following format:
<logicalTypeId><AGREEMENT_NAME></logicalTypeId>
where <AGREEMENT_NAME> is the internal name of the agreement type or subtype.
The optional TranslatorClass element specifies the class created in Step 4. Create a Custom Translator Class. The TranslatorClass element converts the internal name of the security label values into the external names, which appear throughout Windchill, and back again. If the TranslatorClass element is not specified, the internal and external values for the custom security label values are the same.
The optional SecurityLabelParameter element contains the parameter name used by various authoring applications as a file attribute to map to this custom security label. SecurityLabelParameter is always the last element within the CustomSecurityLabel element. The parameter name must follow any restrictions for parameter names that exist for the authoring applications.