Editing Access Control for an Existing Object

Basic Administration > Managing Data Security > Editing Access Control for an Existing Object

You can choose the Edit Access Control action for an existing object in any of the following ways:

• Select the Edit Access Control action from the right-click actions list in a row representing an object.

• Select the object in a table by clicking the checkbox at the beginning of the row and then select Edit Access Control from the Actions list on the table.

Selecting Edit Access Control from the Actions list on the table without selecting any rows in the table provides you with the access control permissions for the selected folder.

If you select multiple objects instead of one object from a table, see Editing Access Control for Multiple Objects.

• Select the Edit Access Control action from the Actions list on the object information page.

The Edit Access Control window opens displaying the identity of the object and the Access table.

1. Locate the participants for whom you want to view or manage permissions as follows:

◦ To display your access information, select My Access from the view drop-down list.

◦ To display the groups containing the team members of the current context, select Team Access from the view drop-down list.

◦ To display all participants for whom access control permissions have been explicitly defined, select All Defined Access from the view drop-down list.

◦ To see access permissions for other users, groups, or organizations, click the find participants icon

. Clicking this icon opens the Find Participant window where you can search for others who are then added (in new rows) to the table.

◦ To remove one or more participant rows from the table, select the rows and click the remove selected rows icon

For additional information about the participants displayed with these views, see Displaying Participants.

2. Manage permission settings by selecting or clearing the checkbox that is in the front of each permission listed in the Permissions column.

An administrator can change the set of permissions that are presented in the Permissions column by editing a Security preference. If you want to view or change a permission that is not listed in the column, contact your administrator.

The presence of a check mark indicates that the corresponding permission is granted for the participant named in the row. If you remove an existing check mark, then the permission is removed when you save the current settings.

You cannot change a permission for which the associated checkbox is disabled. The presence of a warning icon

in the Full Control (All) overridden column indicates all permissions are not granted for the participant despite the Full Control (All) permission being set. In this case, a policy rule absolutely denies one or more permissions. See Changing the Permissions of Participants for further information.

3. If the object for which you are changing permissions is a folder in a project or program context, the following checkboxes are presented after the Access table:

◦ Propagate access control changes to folder contents

◦ Recursively apply access control changes to subfolders

Decide whether you want the changes you make to the permissions on the folder propagated to the objects in the folder that are not folders (for example, all parts, documents, and CAD documents). Additionally, if you choose to propagate the changes in permissions to the folder contents, you can also choose to propagate the changes recursively to other folders under the current folder and their folder contents.

For details on using these checkboxes, see Propagating Permissions.

4. After you have modified the permission settings, click OK to save your changes and close the window or click Apply to save your changes and leave the window open for additional changes.

For objects that can be checked out, be aware of whether you are changing permissions on a checked-out working copy of the object or on the checked-out original version. When working from the Folders page, you are always working with the checked in version. From the Checked-Out Work table, the object is the checked-out version.

When an object is checked in, the access control permissions set on the new iteration are, by default, the permissions set on the previous iteration. The permissions on the working copy are not carried forward. This default is managed by the wt.vc.wip.copyAdHocAcls property file setting that is configured by your administrator.

For objects that are shared to another context, be aware of the context from which you launch the Edit Access Control action. Launching the action from the right-click actions menu in a table allows you to manage the access in the context in which the table resides. For example, launching the action from the Folders table of the context to which the object was shared allows you to manage user access to the object in the shared to context. Launching the action from the Actions menu on the object information page allows you to manage the access in the source context. That is, the Edit Access Control action on the object’s information page always manages the security of the object in the context in which the object was created. The shared to

or shared from

glyphs indicate which context the Edit Access Control action is acting on. Any permissions set in the context to which the object is shared are removed if the object is no longer shared to that context. For more information, see Setting Access Control on a Shared Object.