|
New roles and custom roles created at your site are not given default Read permission. You must manually configure the permission of new roles.
|
Access Permission Rights
|
|||
Permission
|
Description
|
||
Full Control (All)
|
A participant (user, group, organization, or role) granted the Full Control (All) permission is granted all permissions currently defined and any defined in the future. Therefore, if new permission types are defined, you do not have to write rules that specifically grant them to participants with full control access.
|
||
Read
|
The right to know the existence of an object and to view the object and its attributes. Additionally, if the object has content, you can view an object's content information such as the file path to a local file or the location of external storage. This permission does not allow you to view the actual contents of the file.
|
||
Download
|
The right to download local files that are the primary content or are attachments of an object. This right is applicable to objects with content, such as documents or drawings.
|
||
Modify
|
The right to change the attributes of an object, as well as other characteristics that are part of the object definition but are not controlled by the Modify Content, Modify Identity, or Modify Security Labels permissions.
For versioned objects, a participant must have the Modify permission on the latest iteration of each version of a target object to update the attributes common to all versions that are not part of the object’s identity. Modify permission on a version of a target object is required to modify that version’s attributes.
|
||
Modify Content
|
The right to modify any local file, URL, or external storage for the primary content and attachments of an object with content. This includes modifying content information and adding, replacing, or deleting content.
|
||
Modify Identity
|
The right to modify a subset of the attributes that determine the identity of an object.
For a part, this subset includes the part number and the organization identifier (such as cage code) of the part, but not the part name. The part name is often treated as a short description.
For a folder, the attributes include the folder name.
The subset of attributes affected by the Modify Identity permission for a given object type is determined through the annotation of classes. For information on customizing the code to modify the set of attributes used in determining the identity of an object, see Identified Business Classes in the Windchill Customization Guide.
|
||
Modify Security Labels
|
The right to modify security label values on an object.
|
||
Create By Move
|
The right to move an object into an administrative domain.
|
||
Create
|
The right to create an object.
|
||
Set State
|
The right of a participant to perform a set state operation where a state transition has been defined to allow the transition from the current life cycle state to the new state.
|
||
Revise
|
The right to revise an object. Revising creates a new version of the object at the same level as the original in the version tree. For example, you can create revision B from revision A.
|
||
New View Version
|
The right to create a new view version of an object. The New View Version action creates a new version of the object in a descendant view. The revision identifier sequences between views are independent. For example, you can create A.1 (Manufacturing) from B.1 (Design). For more information about views, see Working with Views and View Associations. For more information about new view versions, see Out-of-the-Box Default Versioning Scheme.
|
||
Change Domain
|
The right to move an object out of an administrative domain.
For information about administrative domains, see Managing Access to Data through Access Control Rules.
|
||
Change Context
|
The right to move an object out of a context.
|
||
Change Permissions
|
The right to change the ad hoc permissions that others have.
Participants who are granted the Change Permissions permission are allowed to change the ad hoc permissions of other participants. They can change these permissions to the permissions they themselves have or to a subset of the permissions they have.
|
||
Delete
|
The right to delete an object.
|
||
Administrative
|
The right to perform certain administrative tasks. For example, an administrator would have the right to undo another user's checkout or set an object to an arbitrary life cycle state.
|