Specialized Administration > Ensuring Data Security > Access Control > Examples of Required Access Control Rules > Permissions Required for Sharing Between Products or Libraries and Projects
  
Permissions Required for Sharing Between Products or Libraries and Projects
Sharing objects between products or libraries to projects requires specific access control permissions for each context. Some sharing actions and the permissions required for these actions are listed below. When an object is shared, a SharedContainerMap object gets created in the Site context’s System domain and Full Control (All) permission for the SharedContainerMap is granted to the user creating the share, the members of the source context’s Product or Library Managers group, and by default the target context’s Project Managers group. You can specify the roles in the target project that are granted Full Control (All) permission for the SharedContainerMap object by adding the wt.inf.sharing.authorizedRoles property to the wt.properties file. The property does not change the out-of-the-box behavior that grants Full Control (All) permission for the SharedContainerMap object to the user creating the share and the members of the source context’s Product or Library Managers group. For more information on this property, see the properties.html file.
Add to Project - Allows the sharing of objects between products or libraries and projects. During the Add to Project operation, a user is able to either share the object or PDM Check-out the object.
To PDM Check-out the object; users must have Read, Change Permissions, and Modify permissions on the object in the source folder and Read permission for the source context. If the object is a content holder, the user must also have Download permission for the object. In the project context, the user must have Modify permission for the target folder, Create permission for the project-specific version of the object, and Create permission for the SharedContainerMap object type at the Site context’s System domain.
To share the object to a project, users must have Change Permissions and Read permissions for the object and Read permission for the source context. If the object is a content holder, the user must also have Download permission. In the project context, the user must have Modify permission for the target project folder and must have Create permission at the Site context’s System domain for the SharedContainerMap object type.
Undo PDM Checkout - Deletes the PDM checked-out version and creates a share link to the original object. Users must either be the original user who checked out the object or have Administrative permission for the checked-out object.
Remove Share - Removes the shared object from the target context. Users must have Modify permission on the project folder and have Delete permission for the SharedContainerMap object.
Send to PDM - Sends the object to a product or library context and creates a share link between the source project context and the target context. The first time the object is sent to PDM, users must have Modify permission on the source project folder. In the target product or library context, users must have Create permission for the object and Modify permission for the target folder. For subsequent Send to PDM actions, the user must have Modify permission for the object.
Convert To PDM Check Out - Checks out an object to the project context that has been shared from a product or library context. In the source product or library context, the user must have Read, Change Permissions, and Modify permissions on the object. If the object is a content holder, the user also must have Download permission for the object. In the target project context, users must have Create permission for the project-specific version of the object and Read and Modify permissions on the target folder.
Update Project and Update Selected Shares - Replaces the iteration of a shared object with a different iteration in the project baseline. In the source product or library context, the user must have Read permission on the object as well as Read permission on the source context. In the target project context, the user must have Modify permission for the SharedContainerMap object.
Convert to Share - Replaces a superseded object with the latest version of the object from the source context. In the source product or library context, the user must have Read and Change Permissions permissions on the object as well as Read permission on the source context. If the object can have associated content, the user also must have Download permission for the object. In the target project context, the user must have Modify permission on the folder and have Create permission for the SharedContainerMap object type at the Site context’s System domain.
Replace - Replaces an object in a project with an object of the same name from a product or library. In the source product or library context, the user must have Read, Change Permissions, and Modify permissions on the object as well as Read permission on the source context. If the object can have associated content, the user also must have Download permission for the object. In the target project context, the user must have Modify permission on the target folder, Delete permission for the existing object in the project, Modify permission on objects that use the existing object, and have Create permission for the SharedContainerMap object type at the Site context’s System domain.