A policy access control rule is set for a specific domain and is a mapping between an object type and life cycle state, and sets of participants (users, groups, or organizations) and their associated permissions. For an object type and a specific state, a policy access control rule specifies rights of participants concerning access to objects of that type, in that state. For example, a policy access control rule might state that everyone in the Publications group has permission to read all objects of type WTDocument in the Engineering domain when the objects are in the Under Review state.

Policy rules use domains to provide structure as to when the rules are applied. Some of the permissions set for specific domains are loaded when your Windchill system was installed and others can be set by your administrator.

Administrators use the Policy Administration utility to manage policy access control rules. Policy rules cannot be changed through the Edit Access Control action.

Policy access control rules apply to all objects of a specific type instead of to a specific object, as is the case with ad hoc access control rules.