Server Configuration > Access Control List Permissions > ACL Configuration > Controlling Login for Workflow and Document Users
  
Controlling Login for Workflow and Document Users
The predefined Login permission allows a user login access to workflow and document functionality. By default, the Login permission is allowed for all users.
By clearing the Login permission you prevent users from accessing workflow and document functionality. This permission is set through the mks:im ACL. To revise the mks:im ACL Login permission, you follow a procedure similar to revising the Login permission for the mks:aa ACL.
To revise the mks:im Login permission using the Windchill RV&S administration client
1. From the Windchill RV&S administration client, open the Windchill RV&S view, click Permissions, and then highlight Global. The display pane shows the global permission information for the mks:im ACL.
The default ACL entry for mks:im is a group named everyone. Remember, ACL entries consist of principals and permissions. In this case, the assigned permission is Login.
* 
In the default condition, the Login permission is allowed for the everyone group.
2. You should first add a new ACL entry that gives you, or your group, full login access to workflow and document functionality. To add a new ACL entry, highlight the Globalmks:im ACL, and right click to choose New from the shortcut menu. The Select ACL Entries to Add dialog box displays.
3. From the Principal list, select the group or user you want to add the new ACL entry for. For example, you could select an IM_User group provided that group exists on your system. For information on filtering data and selecting items in the Select ACL Entries to Add dialog box, see the Filtering Data topic in the Getting Started documentation.
4. To change the mks:im Login permission, click the indicator box and toggle through the condition indicators until the box displays a green plus sign indicating the allowed condition.
* 
Once you add a principal, you can edit the associated permissions at any time by selecting the required option from the ACL menu or by right clicking and choosing the required option from the shortcut menu. Menu options include Allow Permission, Deny Permission, and Clear Permission.
5. To accept the changes, click OK. The display pane shows the new ACL entry for the selected principal and the Login permission is enabled for that principal.
The next step is to clear the Login permission for the everyone group.
* 
When setting mks:im ACL permissions for the everyone group, be careful that you only clear the Login permission.
Do not deny the Login permission to the everyone group—this effectively denies login permission to all users, including any administrator included in that group. Users who are denied login access cannot log in.
6. To clear the Login permission, select everyone and then select ACL > Change Permissions. The Change Permissions dialog box displays.
7. To clear the mks:im Login permission for the everyone group, click the indicator box and toggle through the condition indicators until a green plus sign displays indicating a cleared condition.
* 
You can also click to expand the everyone section, highlight the Login permission, and then right click to choose Clear Permission from the shortcut menu.
8. To accept the changes, click OK. The Login permission is cleared for the everyone group and explicitly allowed only for the selected principal, for example, the IM_User group.