Windchill PDMLink and Windchill ProjectLink permit all users with the role of Library, Product, and Project Managers, as well as Organization and Site Administrators to author (create and modify) workflows within the contexts (Organizations, Products, Libraries, or Projects) they manage. This is as-designed, and is a necessary component of the distributed administration model enabled by these solutions.

The embedded Java code that workflow creators are permitted to write to a workflow process includes embedding Java code in Execute Expression robots, Synchronize robots, Conditional gates and activities to perform conditional branching or execute custom application logic within the context of the workflow. This embedded Java code is executed on the server, and there are no restrictions on the APIs.

Application context managers for Libraries, Products, Projects, Programs, and Organizations are granted Full Control (All) permission on WTObject. This permits Organization Administrators and application context managers to effectively administer their contexts, through granting them the ability to modify access control policy rules, workflow and life cycle templates, and other contextual administrative objects. However, through granting them the ability to author workflow templates they are also effectively being granted the ability to write Java expressions which will be run on the server when the workflow is executed.

With the introduction and adoption of the distributed administration model, the number of users with broad access permissions in the application contexts expanded significantly. PTC is no longer assuming that a user who is responsible for administering an individual context is trusted to author Java code which may provide access to information outside of the context they manage.

Considering this capability, a user with permissions to create workflow templates (for example, Project Managers) could potentially add malicious code in one of the expressions, causing a possible security threat. For this reason, workflow templates that contain Java expressions must be created and thoroughly tested by individuals that are trusted by the organization.