Using a Custom Evaluator and UFID to Specify the Authorized Participants
When a custom evaluator class is used to determine whether a user is an authorized participant for a security label value, the boolean isRestrictedBySecurityLabelValue(WTPrincipal principal, SecurityLabeled object, String label_name, String label_value) method is called. This method can call the super.isRestrictedBySecurityLabelValue(principal, label_name, label_value) method to also incorporate the UFID specified in the security labels configuration file. If the super.isRestrictedBySecurityLabelValue method is called, it is up to the evaluator to use the answer from super.isRestrictedBySecurityLabelValue in whatever way is desired.
For example, a site may have a system outside of Windchill that tracks whether a user has completed ITAR training. The ITAR Clearance-US security label value on the Export Control standard security label is configured with a custom evaluator. The custom evaluator queries the external system to determine if the user has completed the training. If the user has completed the training, the external system returns a value of Yes to the custom evaluator method. Then, the super.isRestrictedBySecurityLabelValue method is called and the user is evaluated to determine if they are a member of the US Persons group. If they are a member, the user is cleared for the security label value and the method returns false. If the user has not completed the training, the external system returns a value of No to the custom evaluator method and the super.isRestrictedBySecurityLabelValue method is not called. The method returns true and the user is not cleared for the security label.
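The decision flow above, as an added Java sketch that is not PTC's code. WTPrincipal, SecurityLabeled and ParentEvaluator are minimal stand-ins for the Windchill types, and TrainingLookup, the EXPORT_CONTROL label name and the user data are constructed. Restricting the user when the external system cannot be reached is an assumption of this sketch.

```java
import java.util.Map;
import java.util.Set;
public class ItarEvaluatorExample {
    // Constructed stand-ins so this compiles without Windchill on the classpath.
    interface WTPrincipal { String getName(); }
    interface SecurityLabeled { }
    // Hypothetical client for the external training tracker; answers "Yes" or "No".
    interface TrainingLookup { String completedItarTraining(String user) throws Exception; }
    // Stand-in for the parent evaluator: models the UFID (US Persons group) check.
    static class ParentEvaluator {
        private final Set<String> usPersons;
        ParentEvaluator(Set<String> usPersons) { this.usPersons = usPersons; }
        public boolean isRestrictedBySecurityLabelValue(WTPrincipal principal,
                String label_name, String label_value) {
            return !usPersons.contains(principal.getName());
        }
    }

    static class ItarTrainingEvaluator extends ParentEvaluator {
        private final TrainingLookup lookup;
        ItarTrainingEvaluator(Set<String> usPersons, TrainingLookup lookup) {
            super(usPersons); this.lookup = lookup;
        }
        public boolean isRestrictedBySecurityLabelValue(WTPrincipal principal,
                SecurityLabeled object, String label_name, String label_value) {
            String answer;
            try {
                answer = lookup.completedItarTraining(principal.getName());
            } catch (Exception e) {
                return true; // assumption: tracker failure restricts (fail closed)
            }
            if (!"Yes".equals(answer)) return true; // No, null or unexpected: restricted
            // Trained: the UFID group check from the configuration file decides.
            return super.isRestrictedBySecurityLabelValue(principal, label_name, label_value);
        }
    }

    public static void main(String[] args) {
        // Constructed data: alice and bob are US Persons; dave is unknown to the tracker.
        Map<String, String> training = Map.of("alice", "Yes", "bob", "No", "carol", "Yes");
        TrainingLookup lookup = u -> {
            if (!training.containsKey(u)) throw new Exception("tracker unavailable");
            return training.get(u);
        };
        ItarTrainingEvaluator ev = new ItarTrainingEvaluator(Set.of("alice", "bob"), lookup);
        for (String u : new String[] {"alice", "bob", "carol", "dave"}) {
            boolean restricted = ev.isRestrictedBySecurityLabelValue(
                    () -> u, new SecurityLabeled() { }, "EXPORT_CONTROL", "ITAR Clearance-US");
            System.out.println(u + " restricted=" + restricted);
        }
    }
}
```

Only a user who is both trained and a member of the group is cleared; every other path, including a missing or unexpected answer from the tracker, returns true.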