Managing Authorized Participants
Authorized participants are users, groups, or organizations who are unrestricted by a particular security label value. For more information, see
Non-Null Label Values and Their Authorized Participants.
The authorized participant for a security label value can be managed in any of the following ways:
• Replacing the user, user-defined group, or organization specified in the UnrestrictedPrincipal element for the security label value with a different user, user-defined group, or organization. After saving and closing the security labels configuration file, restart the method server.
• If you are using a custom evaluator, modifying the isRestrictedBySecurityLabelValue method or the isAllowedToModifySecurityLabelValue method in the custom Java evaluator class to provide a different result. After modifying the methods, the class should be recompiled and the method server should be restarted.
For more information, see “Customizing Security Labels” in the Advanced Customization section.
• Modifying the membership of the specified group or organization by adding or removing members using the Participant Administration utility. It is not necessary to restart the method server.
• An LDAP Directory Service can also be used to configure groups outside of Windchill, if necessary, due to customer policies for managing directory service information or search scope limitations.
To temporarily authorize a user who is not an authorized participant to access objects restricted by a particular security label value, use an agreement of the agreement type specified for the security label value. For more information, see
About Agreements.