This content has been marked as final. Show 15 replies
The state of off-line or on-line is decided by the client when accessing the vault. It's all or nothing. You can "hide" a folder using group permissions. Use the administration tool to create and manage the new group.
This has become a critical issue for one of our customers, in off-line mode a user with very limited access is able to read some sensitive files that he's not supposed to see. The reason is that those files were cached in his local computer "somehow" before, "somehow" here can be:
- The admin user did log in to the vault in his computer and work on some files
- He used to have more permissions on those files before.
The point here is that it does not matter whether you work online or offline, if you shouldn't see some files then you should never see them in whichever mode.
I wish there was a way and admin could flush a users cache remotely and push a Get Latest on certain folders like templates
Hi Mike -
The Admin should empty the local cache prior to logging out.
I got more input, the way you can see "everything cached" is by design, it does not matter what role was logged in before going off-line, when in off-line mode everyone will see the same cache folder ... That explains why once a file was cached, everyone can see it!! And the *interesting* thing is that if you're not able to see those files in on-line mode, just go off-line then you will see them!
I really think that this shouldn't be just "by design" and should be considered as a "bug".
Empty the local cache completely could avoid this problem somehow, however in a scenario that more than one user are sharing a desktop:
- It's easier to forget than to remember doing so (since when user is not forced by a tool, sometimes he will forget), not to mention that when one user still wants to keep some checked out files.
One may argue that we should avoid having two users with different permissions level working on the same computer, however it's not always practical in a way that: there is a user with very limited access who just sometimes works in the company, and when he comes, he just uses some available computer that no one else is using. This can happen quite often!
There is not another solution.
Please submit an enhancement request via the website.
Hi Kim and everyone,
I had seen small bugs in the system but this one is really over the top.
It cancels all the care used for setting access permissions and ruins the whole safety of the system.
It looks like I am the second user to notice, what about others? How can you buy a system if you can't rely on the permissions? it is really one of the most basic functions a PDM system should have.
The fact that resellers do not even know about this is even worse: everyone just logs in as admin and just not delete the cache. everyone does it. Nowadays, computers do not really belong to people but are just used to log in into system. I think the way it works ignores the reality in most companies.
any alternative solution is welcome....
have a nice day
I totally understand your frustration, and we are not giving up on this.
Just a minor correction, if you log in as Admin just to do some settings and do not check out/get latest version on any files then no file will be cached on the Computer. Though, this fact does not at all prove anything.
Why isn't acceptable to rely on NTSF permissions? When you create the vault view you are asked if the view would be available to you only or to everyone.
thanks Jeff, you've pointed out a tip that we didn't think of!
We can also rely on placing the Vault view in My Documents for example, so other users won't see the Vault.
But doing this we couldn't have two users working on the same computer, could we?
If you have two users using the same machine, this is IMHO actually the best method to use.
The full path of My Documents is typically: C:\Documents and Settings\[username]\My Documents. Thus each user has a different location.
I'll accept payment next week, in all forms of liquid nourishment....it is like a sandwich in a bottle. Who says resellers don't know this software?!
I just tested and placing the File Vault View in 'My Documents' seems to work fine, different users can have different File Vault Views in their own My Documents.
@Jeff: haha, you're going to SolidWorks World, aren't you? I will buy you a beer
I would like to insist on that topic.
I totally agree with Kim's proposal to have automatic clearing of the cache. This has to be high up on the list: this problem makes lots of functionalities totally unefficiant (all access control, authorisations etc) and this makes the system totally unsafe for industrial companies dealing with patent applications and new products.
All companies signing in for PDMWE should know about this problem before buying this software. One of the minimum thing you expect, having the possibility to control the access, is that you can rely on those functions. Here I feel fooled because we have spent a lot of time deciding who should have which right in the system (especially for the consultant) when it is so easy to go around those restrictions (and this has been found by our consultant himself!).
I understand the technical limitation, but then solidworks/resellers should not pretend that it is possible to limit the access to people. When updating an access or more than one users using one computer, the admin can't go and clear the cache each time. So your customers should know this in advance so that at least they avoid damage to their intellectual properties, are aware of the clear cache function and maybe don't use the system with external people/consultant at all.
We will not move the vault to "my documents" as this is not accessible from other computers, also to avoid hyperlink breaks.