Our business users had a requirement to make certain diagrams available for reading only to users with a set of specific profiles. Users with those specific profiles should be able to double-click on described objects, and the diagram should open in read-only mode. Users should also be able to access the read-only diagrams, by right-clicking on the described object.
We have implemented the following:
- created a "writing" data access rule applied to those specific profiles that enforces the read-only when opening the diagram types we are looking to restrict access to in RO.
- kept for the specific profiles the appropriate DiagramTypeZoom for the described objects/diagram types we want to restrict access to their diagrams in RO, so they can still see the describing diagrams when right-clicking on object, and double-clicking on an object
- set CRUD to "R" on the "description" MetaAssociationEnd for all objects in scope.
We have noticed that despite applying the same configuration across all impacted Profiles/MetaClasses/DiagramTypes, the behavior in HOPEX varies, ex.: we have 1 profile where the restrictions work perfectly for the Capability MetaClass, but not with the Functional Process MetaClass. Users with that profile can open diagrams in RO by double-clicking/right-clicking on a Capability, but can't double-click or right-click on the described Functional Process to open the diagram in RO.
Based on what I see in the Permission Manangement console, the same permissions have been applied. Does anyone have an idea why the behavior is apparently inconsistent?
Solved! Go to Solution.
Does that User also have any other Profile assigned to him?
Did you compile the metamodel after changing the CRUD settings?
Can you do the following Test.
User A: Just has that one particular profile assigned and then test the RO option for that diagram.
User B: Has two profiles assigned where one profile has RO and the other profile has RW for that Metaclass.
I have cases where the user has only 1 profile, and cases where a user has multiple profiles. My user for example, has multiple profiles that are supposed to have the same CRUD restrictions: they work fine with all profiles, except the 1 profile where we've noticed the different behavior. A user with that just that 1 profile also notices the different behavior.
After applying the changes, we ran a translate and compile on the environment including the permissions.