Basic Administration > Administering Windchill > Contexts – Distributed and Hierarchical Administration > Context Administrative Items > Context Policies > Installed Site Context Policies > Access Control Rules for / (Root) Domain
  
Access Control Rules for / (Root) Domain
The following domain-based access control rules are set when the data is loaded during the installation. The rules are in the site context / (root) domain for all life cycle states. Permissions granted are indicated with a plus sign (+), permissions denied are indicated with a minus sign (-), and permissions absolutely denied are indicated with an exclamation mark (!).
For more information, see About Access Control Rules.
* 
These rules ensure that users can operate within the Windchill solution and should not be changed without fully understanding the reason for the change.
Object Type
Participant
Permissions
Comment
AccessPolicyRule
ALL
+Read
Allows organization and application context administrators to see inherited access rules.
AdministrativeDomain
ALL
+Read
Allows all users to view domains.
DeliverableDefinition
ALL
+Read and +Create
Allows all users to create and read deliverable definitions.
EPMDocConfigSpec
ALL
+Full Control (All)
Allows all users to perform configuration management of business objects within their workspace when using Creo Parametric or other workgroup managers.
ExchangeContainer
ALL
+Read
Allows all users to complete a variety of general actions.
Meeting
OWNER
+Full Control (All)
Grants owners full access to meetings that they own.
For information about setting up meetings with WebEx, see Setting Up Meetings.
NotificationSubscription
Administrators
+Full Control (All)
Grants administrators full access.
NotificationSubscription
ALL
+Read and +Create
Grants all users read and create access.
NotificationSubscription
OWNER
+Full Control (All)
Grants the owner full access.
Team
OWNER
Read
Grants the team owner read access.
WTDocumentConfigSpec
ALL
+Full Control (All)
Grants full control to all users.
WTMarkup
ALL
+Read, +Download, and +Create
Allows all users to create and read markups. These permissions are required because view markups are not life cycle managed.
WTMarkup
OWNER
+Modify, +Modify Content, and +Delete
Allows the owner of a markup the ability to modify and delete it.
WTObject
Administrators
+Full Control (All)
Grants full control to all site administrators.
WTObject
View and Print Only
!Modify, !Modify Content, !Modify Identity, !Create By Move, !Create, !Set State, !Revise, !New View Version, !Change Domain, !Change Context, !Change Permissions, !Delete, and !Administrative
Absolutely denies users in the View and Print Only license group all permissions except those required to view and download objects.
WTPartConfigSpec
ALL
+Full Control (All)
Allows all users to perform configuration management of business objects within their workspace when using Creo Parametric or other workgroup managers.
WTRolePrincipal
ALL
+Read
Grants all users read access.
FvPolicyRule
ALL
+Read
Grants all users read access.
FvFolder
ALL
+Read
Grants all users read access.
FvHost
ALL
+Read
Grants all users read access.
FvVault
ALL
+Read
Grants all users read access.
ReplicaFolder
ALL
+Read
Grants all users read access.
ReplicaVault
ALL
+Read
Grants all users read access.
RootFolder
ALL
+Read
Grants all users read access.
Site
ALL
+Read
Grants all users read access.
DerivedImage
ALL
+Read, +Create, and +Download.
Allows all users to create, read, and download derived images.
DerivedImage
Team Members
+Full Control (All)
Grants full control to all team members.