Distributed Administration of Policy Rules
Distributed administration is the administering of a Windchill solution by different groups of individuals. Each group has responsibility for a particular area of the solution, with enough privileges to fulfill their administrative responsibilities. Domains denote administrative areas in Windchill. Windchill supports distributed administration of access control, indexing, and notification policy rules. General information about setting up administrators can be found in Establishing Administrators.
Access control, indexing, and notification rules are members of the domain to which the rule applies. For example, if you define an access control rule granting Read access to documents belonging to the Publications domain, then the rule itself belongs to the Publications domain. This allows policy rules to be administered by different groups of administrators.
To give a group of administrators the rights they need to manage policy rules for an area of the system, you need to define access control rules granting permissions to the group for the AccessPolicyRule, IndexPolicyRule, and NotificationRule object types, and the domain associated with their area of responsibility. A predefined access control rule for the / (Root) domain in the site context, grants all permissions to the Administrators group for all objects, so members of this group can manage policy rules for all domains.
For example, consider the following rules:
Domain
Type
State
Participant
Permission Granted
Rule 1:
/ (Site)
AccessPolicy Rule
All
Marketing Administrators
Read
Rule 2:
/ (Site)
IndexPolicy Rule
All
Marketing Administrators
Read
Rule 3:
/ (Site)
Notification Rule
All
Marketing Administrators
Read
Rule 4:
Marketing (Bike Production)
AccessPolicy Rule
All
Marketing Administrators
Full Control (All)
Rule 5:
Marketing (Bike Production)
IndexPolicy Rule
All
Marketing Administrators
Full Control (All)
Rule 6:
Marketing (Bike Production)
Notification Rule
All
Marketing Administrators
Full Control (All)
These rules grant all permissions to the MarketingAdministrators group for the policy rule object types in the Marketing domain of the Bike Production library context. They allow members of the MarketingAdministrators group to view, create, update, and delete rules in the Marketing domain or any of its descendent domains, but not to manage rules in any ancestor domains. The rules granting read permissions to the MarketingAdministrators group for the policy rule object types in the Root domain allows members of the MarketingAdministrators group to see the rules inherited from ancestor domains.
Isto foi útil?