15 Replies Latest reply on Apr 28, 2009 12:52 PM by Ariane Beix

    Work off-line and work on-line

    Jaray Mekkaew
      I have many folder in our project and have some folder that i want to protect from some group. no need some group to see this folder.

      when they log-in they can see only permit folder but if they set work off-line they can see all in blue color folder and see don't permit folder too.
      how do i hide that project all in off-line and on-line mode.
        • Work off-line and work on-line
          Todd Puckett
          The state of off-line or on-line is decided by the client when accessing the vault. It's all or nothing. You can "hide" a folder using group permissions. Use the administration tool to create and manage the new group.
          • Work off-line and work on-line
            This has become a critical issue for one of our customers, in off-line mode a user with very limited access is able to read some sensitive files that he's not supposed to see. The reason is that those files were cached in his local computer "somehow" before, "somehow" here can be:
            - The admin user did log in to the vault in his computer and work on some files
            - He used to have more permissions on those files before.

            The point here is that it does not matter whether you work online or offline, if you shouldn't see some files then you should never see them in whichever mode.
            • Work off-line and work on-line
              I got more input, the way you can see "everything cached" is by design, it does not matter what role was logged in before going off-line, when in off-line mode everyone will see the same cache folder ... That explains why once a file was cached, everyone can see it!! And the *interesting* thing is that if you're not able to see those files in on-line mode, just go off-line then you will see them!

              I really think that this shouldn't be just "by design" and should be considered as a "bug".
              • Work off-line and work on-line
                @Joy:
                Empty the local cache completely could avoid this problem somehow, however in a scenario that more than one user are sharing a desktop:
                - It's easier to forget than to remember doing so (since when user is not forced by a tool, sometimes he will forget), not to mention that when one user still wants to keep some checked out files.

                One may argue that we should avoid having two users with different permissions level working on the same computer, however it's not always practical in a way that: there is a user with very limited access who just sometimes works in the company, and when he comes, he just uses some available computer that no one else is using. This can happen quite often!
                  • Work off-line and work on-line
                    Joy Garon
                    Kim -

                    There is not another solution.
                    Please submit an enhancement request via the website.

                    Regards,
                    Joy
                      • Work off-line and work on-line
                        Ariane Beix
                        Hi Kim and everyone,
                        I had seen small bugs in the system but this one is really over the top.
                        It cancels all the care used for setting access permissions and ruins the whole safety of the system.
                        It looks like I am the second user to notice, what about others? How can you buy a system if you can't rely on the permissions? it is really one of the most basic functions a PDM system should have.

                        The fact that resellers do not even know about this is even worse: everyone just logs in as admin and just not delete the cache. everyone does it. Nowadays, computers do not really belong to people but are just used to log in into system. I think the way it works ignores the reality in most companies.

                        any alternative solution is welcome....
                        have a nice day
                    • Work off-line and work on-line
                      Ariane,

                      I totally understand your frustration, and we are not giving up on this.

                      Just a minor correction, if you log in as Admin just to do some settings and do not check out/get latest version on any files then no file will be cached on the Computer. Though, this fact does not at all prove anything.
                      • Work off-line and work on-line
                        Jeff Sweeney
                        Why isn't acceptable to rely on NTSF permissions? When you create the vault view you are asked if the view would be available to you only or to everyone.
                        • Work off-line and work on-line
                          thanks Jeff, you've pointed out a tip that we didn't think of!
                          We can also rely on placing the Vault view in My Documents for example, so other users won't see the Vault.

                          But doing this we couldn't have two users working on the same computer, could we?
                          • Work off-line and work on-line
                            Jeff Sweeney
                            If you have two users using the same machine, this is IMHO actually the best method to use.

                            The full path of My Documents is typically: C:\Documents and Settings\[username]\My Documents. Thus each user has a different location.

                            I'll accept payment next week, in all forms of liquid nourishment....it is like a sandwich in a bottle. Who says resellers don't know this software?!
                            • Work off-line and work on-line
                              I just tested and placing the File Vault View in 'My Documents' seems to work fine, different users can have different File Vault Views in their own My Documents.

                              • Work off-line and work on-line
                                @Jeff: haha, you're going to SolidWorks World, aren't you? I will buy you a beer
                                  • Work off-line and work on-line
                                    Ariane Beix
                                    Hello everyone,

                                    I would like to insist on that topic.

                                    I totally agree with Kim's proposal to have automatic clearing of the cache. This has to be high up on the list: this problem makes lots of functionalities totally unefficiant (all access control, authorisations etc) and this makes the system totally unsafe for industrial companies dealing with patent applications and new products.

                                    All companies signing in for PDMWE should know about this problem before buying this software. One of the minimum thing you expect, having the possibility to control the access, is that you can rely on those functions. Here I feel fooled because we have spent a lot of time deciding who should have which right in the system (especially for the consultant) when it is so easy to go around those restrictions (and this has been found by our consultant himself!).

                                    I understand the technical limitation, but then solidworks/resellers should not pretend that it is possible to limit the access to people. When updating an access or more than one users using one computer, the admin can't go and clear the cache each time. So your customers should know this in advance so that at least they avoid damage to their intellectual properties, are aware of the clear cache function and maybe don't use the system with external people/consultant at all.

                                    We will not move the vault to "my documents" as this is not accessible from other computers, also to avoid hyperlink breaks.

                                    regards,

                                    Ariane