Managing Authorized Participants

Specialized Administration > Ensuring Data Security > Security Labels and Agreements > Administering Security Labels > Managing Authorized Participants

Authorized participants are users, groups, or organizations who are unrestricted by a particular security label value. For more information, see Non-Null Label Values and Their Authorized Participants.

The authorized participant for a security label value can be managed in any of the following ways:

• Replacing the user, user-defined group, or organization specified in the UnrestrictedPrincipal element for the security label value with a different user, user-defined group, or organization. After saving and closing the security labels configuration file, restart the method server.

• If you are using a custom evaluator, modifying the isRestrictedBySecurityLabelValue method or the isAllowedToModifySecurityLabelValue method in the custom Java evaluator class to provide a different result. After modifying the methods, the class should be recompiled and the method server should be restarted.

For more information, see Create a Custom Java Evaluator Class.

• Modifying the membership of the specified group or organization by adding or removing members using the Participant Administration utility. It is not necessary to restart the method server.

For more information, see Editing Group Members.

• An LDAP Directory Service can also be used to configure groups outside of Windchill, if necessary, due to customer policies for managing directory service information or search scope limitations.

For more information, see Working with LDAP Directory Services.

To temporarily authorize a user who is not an authorized participant to access objects restricted by a particular security label value, use an agreement of the agreement type specified for the security label value. For more information, see About Agreements.