Specialized Administration > Ensuring Data Security > Security Labels and Agreements > Agreements > Agreement Managers Group > Out-Of-The-Box Access Control Rules for the Agreement Managers Group
  
Out-Of-The-Box Access Control Rules for the Agreement Managers Group
By default, no participants are authorized to create or modify agreements. When you configure agreements for your system, you must set up an agreement managers group. After you create the group, you must give the group, or individual members of the group, appropriate access control permissions for working with agreements.
There are no out-of-the-box access control policy rules defined for the AuthorizationAgreement object type. However, because the Agreement object is a descendant of WTObject, it inherits the out-of-the-box access control rules that are set for WTObject. For example, by default, context managers have Full Control (All) on agreements created in their context. Having the appropriate access control permissions, however, does not allow a context manager to modify an agreement unless he or she is a member of the agreement managers group. Only agreement managers can do more than view or subscribe to an agreement. Non-agreement managers with Read access to agreements can see the agreement information page, but the page has a limited Actions list and does not have the Authorized Objects or Authorized Participants tabs.
* 
In addition to being a part of the Agreement Manager group, you will also require at least one of the following license profiles to be able to create, edit, or delete an agreement:
IP Protection License Profile
PTC Windchill Advanced License
PTC Windchill Premium License
For more information on access control and the agreement managers group, see Setting Access Control Permissions for Agreement Managers.