I would like my users' individual access to a given transition to be determined by whether they have the right to otherwise change the file they are trying to transition. It seems that any user given the permission to EVER access a given transition, can access that transition on any file they can read, in any folder they can see. Is this the case? Is there a way around it?
If i understand your question correctly, you are asking if you can prevent a user from transitioning a file even though they can see it in the vault? If that is correct yes, you can.
Transition permissions (who can do the groups or individual users) are set at the transition while being able to view a file is set at the folder level and then by state permissions.
Hope this helps
~Tom
PDM Admin Specialist
Hi Charley, you cannot set transition permissions on folder as such, but what you could do is add conditions in the transition properties, so that users cannot transition a file unless it meets a specific filepath requirement:
The only other way would be to create workflows that only accept files into certain folders within the vault, and restrict users to using those workflows.
Kind regards,
Prasad
We work on many different projects. For a given project, I need to have people who can see it but can't change it (perhaps a group called "Project A, read-only"), and people who can change it ("Project A, READ-WRITE"), and people who can see other things in the vault, but not this project (not in either group). I really really really really don't want moving a file to a different folder to be part of the process of revising it (even though doing so is safe in the vault environment). It seems logical to me that if I can vary who can check a file out with a combination of state and folder permissions (which can be assigned by group or individual), I should also be able to vary who can change the state of a file (transition it), with the same combination. How are people handling this? I'm probably missing something.
I'll say it's possible but you're going to be using very lightly used functionality (ala buggy). Here's what you do, create a group named Approvers and give them the transition permissions (no folder permissions, they should get that from other groups). Then add users to that group but choose what folder you want them to be able to approve on.
Good luck.
If I understand correctly, you're proposing to give people the ability to execute the transition to release something by virtue of their membership in that "Approvers" group. But - again, if I understand correctly - that gives them access to that transition on any file they can see (even if they can't check that file out). Doesn't solve my need, since I need anyone with the ability to check out files in a given folder, to also have the ability to transition files in that same folder (but not in folder where they're not allowed to check files out). Here, anyone with check-out rights, IS approved to change states. The problem is, anyone with read-rights in "Project A", if they have change-state rights anywhere else, also has them in "Project A".
Yeah it's really hard to explain/understand, but it'll do what you want you just have to play around with it to get how it works. If User A is a member of Approvers in Project A but not Project B then he will only be able to approve files in Project A. You can add the same user to the group in multiple locations too, just don't do it for a parent folder of the projects folder. Test it out and post screenshots if it doesn't work the way you want.
The ability to make someone a member of a group for only certain subfolders would indeed take care of it. I haven't been successful in doing that, and would appreciate screen shots by someone who has.
This is the nugget I was missing! My life just improved immensely.
