Default Access Control Rules for Foldered Objects
By default, the Administrators group has Full Control (All) rights to all objects including a cabinet and all of its folder members. These permissions are granted by a predefined access control rule created for the Root (/) domain granting Full Control (All) permissions to members of this group for object type WTObject and all of its descendent types.
Whenever you create a new Windchill user object, a personal cabinet is created for the user. Since a Windchill user name does not need to be unique and all personal cabinet names must be unique, Windchill uses the wt.folder.personalCabinetNamingAttribute property in the wt.properties file to determine what the initial personal cabinet name should be for a given user. In most cases, the name of the personal cabinet is the user's name.
For additional information about naming personal cabinets, see
Naming a User's Personal Cabinet.
By default, the personal cabinet is associated with a child domain of the /User domain. The name of the child domain is usually the name of the user’s organization unless the user is not affiliated with an organization (see
Managing Users for details).
The user is the owner of the personal cabinet and any objects he or she creates within this personal cabinet or any of its subfolders. For example, when a user checks out an object, a working copy of the object is created in a checked-out work folder in the user's personal cabinet. By default, the user has all rights to objects in his or her personal cabinet because a default access control rule exists for the User domain in the site context. The rule grants Full Control (All) permissions to the OWNER of objects of type WTObject and all of its subtypes. However, the domain with which the user cabinet is associated can be changed, and appropriate rules granting owner rights would need to be defined for any other domains associated with personal cabinets.