Available Permissions

Server Configuration > Access Control List Permissions > Managing ACL Permissions > Available Permissions

There are the following types of permissions available: Integrity Lifecycle Manager server, workflows and documents, configuration management, ViewSet, and Solution.

To revise the Admin permission using the Integrity Lifecycle Manager administration client

1. From the Integrity Lifecycle Manager administration client, open the Integrity view, and click to expand the Permissions section. The display pane shows the global permission information for the mks:im ACL.

The default ACL entry for mks:im is a group named everyone. Remember, ACL entries consist of principals and permissions. In this case, the assigned permission is Admin.

In the default condition, the Admin permission is allowed for the everyone group.

You should first add a new ACL entry that gives you, or your group, full login access to workflows and documents. To add a new ACL entry, highlight the Globalmks:im ACL, and right click to choose New from the shortcut menu. The Select ACL Entries to Add dialog box displays.

2. From the Principal list, select the group or user you want to add the new ACL entry for. For example, you could select the user or group names for the individuals who manage workflows and documents on your system. For information on filtering data and selecting items in the Select ACL Entries to Add dialog box, see the Filtering Data topic in the Getting Started documentation.

3. To change the mks:im Admin permission, click the indicator box and toggle through the condition indicators until the box displays a green plus sign indicating the allowed condition.

Once you add a principal, you can edit the associated permissions at any time by selecting the required option from the ACL menu or by right clicking and choosing the required option from the shortcut menu. Menu options include Allow Permission, Deny Permission, and Clear Permission.

4. Click OK to return to the main Integrity Lifecycle Manager administration client interface. The display pane shows the new ACL entry for the selected principal and the Admin permission is enabled for that principal.

The next step is to clear the Admin permission for the everyone group.

When setting mks:im ACL permissions for the everyone group, be careful that you only clear the Admin permission.

Do not deny the Admin permission to the everyone group—this effectively denies the administration permission to all users, including any administrator included in that group. Users who are denied administrative access cannot set up workflows and documents.

5. To clear the mks:im Admin permission for the everyone group, click the indicator box and toggle through the condition indicators until a blank box displays indicating a cleared condition.

6. To accept the changes, click OK. The Admin permission is now cleared for the everyone group and explicitly allowed only for the selected administrative user or group.

Admin Permission for Integrity Lifecycle Manager server Administrators

You must have the Admin ACL permission to configure Integrity Lifecycle Manager through the Integrity Lifecycle Manager administration client. To administer Integrity Lifecycle Manager, be sure your user name is listed in the appropriate group or you have that permission explicitly defined to your user name.

The user assigned the Admin permission in Integrity Lifecycle Manager is known as the super administrator. The Integrity Lifecycle Manager server administrator has access to all administrative objects in Integrity Lifecycle Manager, including users, groups, dynamic groups, projects, states, types, fields, and triggers. The super administrator can also delegate responsibilities for managing projects and types by assigning project administrators and type administrators.

The Admin ACL also allows you to import users and groups from MKS Domain. There are no individual ACLs associated with this function. It only available through the global Admin permission.

The following table details the permissions attributed to the Admin ACL:

Component	Admin Permission
Workflows and Documents	ViewAdmin
	TimeTrackingAdmin
	CreateType
	CreateProject
	CreateCPType
	CreateQuery
	CreateSharedAdmin
	ShareToEveryone
	ViewMyNotification
	ModifyMyNotification
	TimeTrackingAdmin
	CreateProject
	CreateCPType
	CreateQuery
	CreateSharedAdmin
	ShareToEveryone
	ViewMyNotification
	ModifyMyNotification
Configuration Management	ChangePackageAdmin

The ChangePackageAdmin ACL permission also allows you to close change packages initiated by another user.

You can review and revise the Admin ACL permission in mks:im ACL through the CLI. For additional details, see “User and Group Permissions: Access Control Lists”.

You may want to assign all available workflow and document permissions to the user or groups that administer Integrity Lifecycle Manager.

Integrity Lifecycle Manager server Permissions

Server related permissions in the mks ACL restrict the user’s ability at the root level of the Integrity Lifecycle Manager server to perform administrative functions on the server.

To assist in partitioning administrative tasks, the ViewAuditLog permission grants the assigned user access to view the server audit log files. With this permission, you can assign review tasks to users, without allowing any other type of access to the Integrity Server.

There are additional permissions associated with FSA, including AdminProxy, AdminServer, DebugProxy, DebugServer. These permissions are designed to allow access to the server and proxy for administrative and debugging tasks. The FSA permissions are disabled by default and should not be modified unless directed by PTC – Integrity Support.

The following table lists the default permission provided in the mks ACL shipped with Integrity Lifecycle Manager.

Permission	Description
AdminProxy	Allows user to perform administrative functions on proxy. Do not modify unless directed by PTC – Integrity Support.
AdminServer	Allows user to perform administrative functions on the server. Do not modify unless directed by PTC – Integrity Support. Users granted AdminServer permission may also view the server audit log files.
DebugProxy	Allows user to perform diagnostic functions on proxy. Do not modify unless directed by PTC – Integrity Support.
DebugServer	Allows user to perform diagnostic functions on server. Do not modify unless directed by PTC – Integrity Support.
Login	Allows user to log in. Without this permission, users cannot perform any other operations. No prerequisite.
ViewAuditLog	Allows user to view the audit logs that track server operations for configuration management, and workflows and documents. Requires Login permission.