Setting Access Control Permissions for Agreement Managers
Out of the box, there are no permissions set for the AuthorizationAgreement object type. For agreement managers to access and modify agreements, the appropriate access control rules must be set. You can set permissions using the Policy Administration utility or by creating or updating context templates.
For more information on using the Policy Administration utility to create access control rules, see About the Policy Administration Utility. For more information on creating context templates, see About Context Templates.
Permissions should be set in the domain in which agreements reside as well as in the domain in which a user's checked-out work resides. When an object is checked out, a working copy of the object is created in a checked-out work folder. Out of the box, the checked-out work folder resides in the user's personal cabinet and the user has full control over all objects in the cabinet. By default, users have the necessary permissions on their checked-out work folder to perform all actions.
When agreements are enabled, permissions should be set on the following object types:
• AuthorizationAgreement
• Cabinet
• SubFolder
Some permissions may already exist on the Cabinet and SubFolder object types and on their parent type, WTObject.
Not all agreement managers are required to have full control over agreements. Permissions can be set for an individual agreement manager, a group of agreement managers, or the entire agreement manager group. Additionally, not all agreement managers need permissions in all contexts. You can set the rules so that some agreement managers can only create or modify agreements, while others have additional permissions, such as Delete.
Only agreement managers with Read access to the agreements cabinet for a particular context can see the Agreements page in that context. For example, an agreement manager has permission to access the agreements cabinet in a project context, but the same agreement manager does not have permission to access the agreements cabinet in the organization context. As a result, this agreement manager is only able to see the Agreements page in a project context.
Read permission is required to access any object and view its information page. The following table illustrates additional access control permissions required for actions often completed by an agreement manager. The object location column has the following values. Use these values to determine the domain in which to grant access control permissions.
• Target Location - the location where the agreement will reside when the action is complete.
• Source Location - the current location of the agreement.
• Checked-out Location - the location where the working copy of the agreement resides.
 |
In addition to being a part of the Agreement Manager group, you will also require at least one of the following license profiles to be able to create, edit, or delete an agreement:
• IP Protection License Profile
• PTC Windchill Advanced License
• PTC Windchill Premium License
|
|
Action
|
Object Type
|
Object Location
|
Permissions
|
|---|---|---|---|
|
New Agreement
|
AuthorizationAgreement
|
Target Location
|
Create
|
|
Subfolder
or
Cabinet
|
Target Location
|
Modify
|
|
|
Check Out
|
AuthorizationAgreement
|
Source Location
|
Modify
|
|
AuthorizationAgreement
|
Checked-out Location
|
Create
|
|
|
Subfolder
|
Checked-out Location
|
Modify
|
|
|
Edit
|
AuthorizationAgreement
|
Checked-out Location
|
Modify
|
|
Check In
|
AuthorizationAgreement
|
Source Location
|
Modify
|
|
Subfolder
|
Checked-out Location
|
Modify
|
|
|
or (if not owner of checkout)
|
|||
|
AuthorizationAgreement
|
Source Location
|
Administrative
|
|
|
Undo Checkout
|
AuthorizationAgreement
|
Checked-out Location
|
Delete
|
|
Subfolder
|
Checked-out Location
|
Modify
|
|
|
or (if not owner of checkout)
|
|||
|
AuthorizationAgreement
|
Source Location
or
Checked-out Location
|
Administrative
|
|
|
View Information
|
AuthorizationAgreement
|
Source Location
|
Read
|
|
Rename
|
AuthorizationAgreement
|
Source Location
|
Modify (change name)
Modify Identity (change number)
|
|
New Revision
|
AuthorizationAgreement (existing revision)
|
Source Location
|
Revise
|
|
AuthorizationAgreement (new revision)
|
Target Location
|
Create
|
|
|
Set State
|
AuthorizationAgreement
|
Source Location
|
Set State1
or
Administrative
|
|
Cut/Paste
|
AuthorizationAgreement
|
Source Location
|
Change Domain2
Change Context3
|
|
AuthorizationAgreement
|
Target Location
|
Create By Move4
|
|
|
Subfolder
or
Cabinet
|
Source Location
|
Modify
|
|
|
Subfolder
or
Cabinet
|
Target Location
|
Modify
|
|
|
Copy/Paste
|
AuthorizationAgreement
|
Target Location
|
Create
|
|
Subfolder
or
Cabinet
|
Target Location
|
Modify
|
|
|
Delete
|
AuthorizationAgreement
|
Source Location
|
Delete
|
|
Subfolder
or
Cabinet
|
Source Location
|
Modify
|
|
|
Subscribe
|
AuthorizationAgreement
|
Source Location
|
Read
|
|
Edit Access Control
|
AuthorizationAgreement
|
Source Location
|
Read
|
1 To set the state of an object, there must be a valid state transition between the current state and the target state. For information about the Set State action and the permissions required, see Planning Object State Change Policies.
2 The Change Domain permission is only required if the object is pasted in a new domain.
3 The Change Context permission is only required if the object is pasted in a new context.
4 The Create By Move permission is only required if the object is pasted in a new domain.
For example, if you want an agreement manager to be able to create an agreement, that participant must have Create permission for the agreement object and Modify permission for the folder or cabinet in which the agreement is to be created.
You can set access control permissions on the AuthorizationAgreement type for users who are not agreement managers. Any user can subscribe to an agreement as long as the user has Read access to the agreement. For more information, see Out-Of-The-Box Access Control Rules.
For more information about access control permissions, see the Access Control reference information.