Assigning Domains to Folders in Solutions with Products and Libraries
When creating folders, the default behavior is that the domain associated with the new folder is the same domain that is associated with the parent cabinet or folder.
The ability to create folders is controlled through the access control policy rules that are set for folders. Out-of-the-box, only product or library managers and organization administrators (in Windchill solutions with products and libraries) and the site administrators (in Windchill solutions with products and libraries) can create folders (or update the domains in existing folders). To allow others to create folders, you can add access control policy rules that grant Create and Modify permission for the Folder object type to those participants who you want to have this capability.
For more information about adding access control policy rules, see
Access Control.
To allow those who can create folders the ability to associate a domain other than the domain that is associated with the parent folder, you must set the Display Folder Domains preference.
Setting this preference to Yes reveals domain information on the dialogs used when creating or updating folders and on folder information pages. Providing the domain information allows users who have the appropriate access control rights to assign different domains to folders and to see which domain is currently assigned to a folder. In Windchill solutions with products and libraries, the interface allows a user to select a domain from the domains established in the context other than the /System domain and any of its descendants. You can set this preference at any context level through the Preference Management utility from the product, library, organization, and site Utilities pages.
You can use the ability to create folders that are associated with a domain other than the domain that is associated with the parent folder in conjunction with the ability to create top-level domains in an application context. For example, assume you have created the /Planning domain in following domain structure for a product:
The access control rules in the /Planning domain only inherit the rules from the Site / (root) domain and the organization /Private domain and not the rules from the organization /Default and /Default/PDM domains. When creating folders in a product, the domain associated, by default, is the /Default domain in the product. By allowing the user to select a different domain, the user could select the /Planning domain instead of the /Default domain. Creating a folder associated with the /Planning domain provides a different access policy for objects in the folder since the access control rules for objects associated with the /Planning domain can be different than the rules associated with the product /Default domain and a different set of rules are inherited from the organization.
Example: Managing Policy Access Control on a Folder
The following procedure is an example of how to set access controls on a folder in a
Product
,
Library
, or
Project
.
1. In the application context where the folder resides, navigate to > and expand the Security category. Set the Display Folder Domains preference to Yes.
2. In the same application context, open the Policy Administration utility and select the domain where you want to create a new domain.
3. After creating the new domain, click on its name in the Domains tree. The domain’s policy rules tabs display on the right pane. On the Access Control Rules tab, set the policy rules you want to apply to the folder.
4. Navigate to the folder in the application context, select it and click > .
5. De-select the Inherit domain from parent check box and click Find. Search for the new domain you created. Click OK to return to the New Folder window.
6. Finish creating the folder and verify that access control rules are working as expected.
