 
Subproject ACLs
Configuration management subprojects are controlled by the ACL entries assigned to their parent projects. If you want specific subproject permissions you must set up specific subproject ACLs. Setting up subproject ACLs is greatly facilitated by the ability to copy an ACL.
A change made to the ACL of the parent project recurses into any subprojects contained in that directory, with the exception of shared subprojects. However, once you configure ACLs for individual subprojects, a change made to the ACL of the parent project does not appear in the subproject ACL. You must then change each created subproject ACL independently.
* Shared subprojects do not inherit permission from the locations to which they are shared. The permissions of the shared subproject are based on the location where the subproject was originally created. You can find information about where the subproject was originally created by viewing the subproject information.
If you have restricted the permissions on a project, you must adjust the permissions for shared subprojects to ensure that data security is maintained.
* When working with shared subprojects, Integrity Lifecycle Manager uses the actual name of the subproject in the file system rather than its relative name in the project hierarchy for the purposes of resolving ACLs. This enhances the portability of change packages across different projects.
By default, changes made to the ACL of a parent project do not recurse to a variant project.
Policy resolution is affected by the lock attribute assigned to each policy. Policies are checked from the top down, and once a locked policy is encountered, no further policies are checked. If a policy is locked in the top level project, policies in the contained subprojects are not used. Locking a policy prevents a more precise policy from taking precedence. For additional information on working with policies, see “Configuration Management Policy Options”.
One strategy for working with inherited permissions is to clear (or leave unset) certain permissions in the subproject ACL so that those permissions are always allowed or denied based on the ACL of the parent project. By using this approach, only one change in the parent is necessary to affect all subprojects.
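The following added example is a simplified model of the rules above, not Integrity Lifecycle Manager code or its ACL format. It shows an unset subproject permission falling back to the parent ACL, and an audit that flags shared subprojects still readable inside a restricted project. The paths, the `devs` group, the `read`/`write` permission names, and the deny-when-unset default are assumptions made for the illustration.

```python
# Simplified model (assumption), not the product's ACL store or resolver.
# Constructed sample data: ACL per original project location.
# {principal: {permission: True/False}}; a missing permission means "unset".
ACLS = {
    "/payroll": {"devs": {"read": False}},               # restricted project
    "/libs": {"devs": {"read": True, "write": True}},
    "/libs/crypto": {"devs": {"write": False}},          # "read" left unset
}

# Constructed sample data: shared-into location -> location where created.
SHARES = {"/payroll/crypto": "/libs/crypto"}


def parent(path):
    """Return the containing project path, or None at the top level."""
    head = path.rsplit("/", 1)[0]
    return head or None


def resolve(path, principal, perm):
    """Effective permission: a shared subproject is resolved at the location
    where it was created; an unset permission falls back to the parent ACL."""
    node = SHARES.get(path, path)
    while node:
        value = ACLS.get(node, {}).get(principal, {}).get(perm)
        if value is not None:
            return value
        node = parent(node)
    return False  # assumption: unset at every level means denied


def exposed_shares(principal, perms):
    """List shared subprojects that allow a permission which the project
    they are shared into denies."""
    findings = []
    for shared_at in sorted(SHARES):
        host = parent(shared_at)
        for perm in perms:
            if resolve(shared_at, principal, perm) and not resolve(host, principal, perm):
                findings.append((shared_at, SHARES[shared_at], perm))
    return findings


if __name__ == "__main__":
    for shared_at, origin, perm in exposed_shares("devs", ["read", "write"]):
        print(f"{shared_at} (created at {origin}): '{perm}' allowed, host denies")
```

Each finding is a shared subproject whose ACL at its original location needs adjusting, since restricting the project it is shared into does not change it.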