Specialized Administration > Ensuring Data Security > Access Control > Managing Access to Enterprise Information > Content Holder Information
  
Content Holder Information
A number of Windchill objects, including all document types and change objects (change requests, change orders, and change activities), are modeled as content holders. A content holder is an object to which files can be attached and for which URLs and external storage information can be specified. For example, after a document is created and saved to the Windchill database, the user who created it can add a number of files to it, which are then uploaded to the database. When the document is later checked out, the user has the option to download one or more of the content files, which can be replaced with new or updated content when the document is checked in. Users can also request that read-only copies of one or more content objects be downloaded to the local file system. That is, users can access content files without checking the content holder out of the database.
The following are several access control implications for content holders:
Workable objects are those objects that must be checked out and checked in.
If a content holder is workable, content can be added only to the working copy of the object (meaning that the object is checked out). The Modify permission is required to check out and check in an object. After an object is checked out, the permissions required are based on the affected attributes.
If a content holder object is not workable, the permissions required are based on the affected attributes.
There is no way to create separate access control rules for content associated with a content holder. Rules applied to the object govern access to its content as well.
The Download permission provides the right to access the primary content and attachments of a content holder where the source is a local file.
The Modify Content permission provides the right to add, replace, or delete primary content and attachments on content holders. The source of the primary content and attachments that can be modified can be local files, URL links, and external storage.
The Modify permission provides the right to modify object attributes directly associated with the object.
The Modify Identity permission provides the right to modify key attributes, which are considered part of an object’s identity.
The Replace Content action for a workable object does the check out and check in as part of the action and, therefore, it requires both Modify and Modify Content permissions.