Server Configuration > Access Control List Permissions > Creating a Configuration Management ACL Control
  
Creating a Configuration Management ACL Control
If your organization has administrators who manage individual projects, you may also want to create ACLs that control access to configuration management source code project ACLs. For example, you could create an ACL that controlled access to the Orion_Program project. This would be the mks:aa:mks:si:project:id:Orion_Program ACL.
To create an ACL that controls another ACL, you need to add an ACL using the Windchill RV&S administration client, Web, or CLI. Generally, you would only grant more permissions on a child ACL if you had already restricted the parent ACL.
For more information on creating control ACLs using the CLI, see the CLI man pages.
Similarly, you can create ACLs that control access to the product ACLs mks:im and mks:si. An ACL that controls access to mks:im would be mks:aa:mks:im; an ACL that controls access to mks:si would be mks:aa:mks:si.
Once you modify or create the necessary ACLs, the information is dynamically loaded by the Windchill RV&S server. You do not have to restart the server.
To add a control ACL using the Windchill RV&S administration client
1. From the Windchill RV&S administration client, open the Permissions view, and select the ACL Control section. The display pane shows the mks:aa:mks ACL.
2. With mks highlighted, select ACL > Create an ACL control ACL from the main menu. The Select an ACL panel displays.
3. Click to expand the mks section, select the ACL you want to control, and click OK. The Confirm ACL Creation dialog box asks you to confirm the creation of the new control ACL.
To create the new control ACL, click Yes. The Select ACL Entries to Add dialog box displays the name of the new control ACL. For example, an ACL that controls access to the mks:patch ACL would be termed mks:aa:mks:patch.
4. From the Principal list, select the target principal that has access to the control ACL. For information on filtering data and selecting items in the Select ACL Entries to Add dialog box, see the Filtering Data topic in the Getting Started documentation.
5. In the Permission area, modify the read and update permissions as required for the target principal by clicking the indicator box and toggling through the condition indicators until the box displays a green plus sign indicating the allowed condition.
* 
To allow both read and update permissions, you can also click Allow All. To deny both read and update permissions, click Deny All. To clear both read and update permissions, click Reset.
6. To accept the changes and create the new control ACL, click OK. The control ACL is created for the specified ACL. You can expand the mks directory to see the new control ACL.