The release of Autodesk's Vault 2017 made us very happy. We have known of a problem in the vault security for quite some time now. It dates back to around 2008, when it was discovered that there was an issue between folder-level permissions and lifecycle permissions. As an example (in the 2016 version in this case), I have a folder named Security. This folder is set with permissions so that only the administrators group can see files in that folder.
I check in a file to the security folder, named ‘Admins Only.Docx’.
I then assign a category to this document, which assigns a basic lifecycle. The file is currently in a 'Work in Progress' state, which is editable by most of the users. When I log into the vault using a guest account, I do not see the Security folder in the folder tree. If I perform a search in the vault, looking for that file, I indeed find it, and could conceivably get a copy or check it out. As an interesting side note, the vault understands that the file is not accessible to me and will not show me the path in which the file is found.
Fast forward to Vault 2017. Autodesk announces that they have redesigned the security model so that administrators are now able to better control the way the security model behaves.
In our new vault, I again create a folder named Security, and set the security so that only the Administrators group has access to those files. Note the additional setting that allows me to override the state-based security. This is the key to hiding the files in that folder from those that should not access them. I again, place my ‘Admins Only.Docx’ file in the folder.
I log in to the vault as ‘guest’. Looking through the folder tree, I do not see the ‘Security’ folder. I perform a search for the 'Admins Only' file, and I am pleased to see that the file is not available through the search results. I have now effectively hidden the file from all but the administrators.
Prior to the 2017 release, we would create a separate category for each type of restricted files, because we were forced to create a separate lifecycle for those files (having a separate category made it simpler for the users to assign the lifecycle, and allowed those files to stand out in a larger search result). With a separate lifecycle, we could allow a specific group of users to have access to those files. Hiding the folder from the rest of the users was essentially unnecessary because they could not see the files in the folder, but hiding that folder usually was preferred over the typical question from the users, “Why is there an empty ‘Security’ folder in the vault?” Vault 2017 now allows us to reduce the effort needed to separate those files that require some level of restricted access. We can now use a basic lifecycle for those files and feel safe that only those that can 'see' the file will be able to use that file. Kudos, Autodesk! For additional information, please see Autodesk's knowledge article on Vault 2017 security.
Could you please check if issue described in thread http://forums.autodesk.com/t5/vault-general-discussion/view-in-window-command-associated-files-of-released-item-fools/td-p/5508448 is solved after setting Vault in some known way?
Posted by: MaxU77 | 09/03/2016 at 07:32 AM
Hi MaxU77,
Yes, this new security model resolved that issue. When viewing the item, we now see a warning banner that states "You do not have access to one or more objects." In the section where the linked files are displayed, the secure file is not listed and so is not available to view or download.
Posted by: Mark Cloyed | 09/06/2016 at 09:01 AM