Organization Domain Algorithm
Windchill requires that each organization context must be assigned to the same domain as the associated organization participant. Because the organization participant may already exist, it may be already associated with a particular domain. When a new organization context is created, the following steps occur behind the scenes the domain association of the organization participant may change.
1. Windchill determines if an appropriate domain exists.
If a domain with the same name as the organization already exists as a child of the site-level /User domain and an organization participant with the same name is associated with the domain, a new domain is not created.
If a domain with the same name as the organization already exists as a child of the site-level /User domain and an organization participant with the same name is not associated with the domain, a new domain is created and a naming algorithm is used to create a unique name. For more information about the naming algorithm, see Creating Domains.
If a domain with the same name as the organization does not exist and an organization participant with the same name does not exist or there is an organization participant with the same name that is associated with one of the default domains (/User or /User/Unaffiliated), a domain with the name of the organization is created as a child of the site-level /User domain.
If a domain with the same name as the organization does not exist and there is an organization participant with the same name that is associated with another domain, a new domain is not created.
2. Associate the organization participant with the domain.
If an organization participant with the same name already exists and is assigned to the /User or the /User/Unaffiliated domain, it is reassigned to the domain created in the previous step.
If an organization participant with the same name already exists and is assigned to another domain, the organization participant retains the same domain association.
If an organization participant with the same name does not exist, one is created and assigned to the domain created in the previous step.
3. Create the organization context and associate it with the domain associated with the organization participant. This will be either the domain created in step 1 or the domain with which the organization participant was originally associated.
4. The domain created or found in step 1 is moved from the site level to the organization level unless the domain was associated with an organization participant but the domain name was not the same as the organization name.
5. Access control rules are established for the domain.
If a new domain was created in step 1 or an existing /User/<organization name> domain was associated with the organization context in step 3, the following access control rules are established for the domain:
Type
State
Participant
Permissions
WTOrganization
All
All Participating Members
+
Read
OrgContainer
All
All Participating Members
+
Read
WTObject
All
Organization Administrator
+
Full Control (All)
OrgContainer
All
<organization participant>
+
Read
No access control rules are created if the organization context was associated with some other pre-existing domain in step 3. PTC recommends creating access control rules in the alternate domain to satisfy your business needs.
* 
Because access control policy rules are associated with a particular domain, if an organization changes domains, user access control may also change. Carefully review any policies associated with the domain to which the organization will move prior to creating a new organization context to avoid access control issues.
In the following example, an organization participant called Umbrella Division already exists and its domain is the site-level /User domain. A site-level /User/Umbrella Division domain does not exist. The following occurs when a new organization context is created:
1. A site administrator is creating a new organization context and selects the Umbrella Division participant for the Organization Name.
2. A new site-level domain named Umbrella Division is created as a child of the /User domain because the domain associated with the Umbrella Division participant is a child of the /User domain.
3. The Umbrella Division participant is moved to the new /User/Umbrella Division domain.
4. The Umbrella Division organization context is created and is associated with the Umbrella Division participant and the /User/Umbrella Division domain.
5. The /User/Umbrella Division domain is moved from the site level to the organization level.
6. The following access control rules are created in the /User/Umbrella Division domain:
Type
State
Participant
Permissions
WTOrganization
All
All Participating Members
+
Read
OrgContainer
All
All Participating Members
+
Read
WTObject
All
Organization Administrator
+
Full Control (All)
OrgContainer
All
Umbrella Division
+
Read
In this example, an organization participant called Construction Machinery Corporation already exists and its domain named Machinery Division is a child of the site-level /User domain. The following occurs when a new organization context is created:
1. A site administrator is creating a new organization context and selects the Construction Machinery Corporation participant for the Organization Name.
2. A new domain is not created because the Construction Machinery Corporation participant is associated with a domain that is not a site-level /User/Construction Machinery Corporation domain.
3. The Construction Machinery Corporation participant remains associated with the existing domain.
4. The /User/Machinery Division domain remains at the site-level.
5. The Construction Machinery Corporation organization context is created and is associated with the Construction Machinery Corporation participant and the existing domain. No access control rules are created since the domain associated with the organization participant already existed.
Was this helpful?