Setting Security Preferences

• The Allow Users to Edit their own Picture preference determines if individual users can modify the picture associated with their profile. The default value is No and does not allow users to modify their picture using the Edit Picture action. By default, a user’s picture can only be changed from his or her profile page under Quick Links > My Settings > Profile.

• The User Automatic Reconnect preference determines if a disconnected user is automatically reconnected after his or her LDAP entry is disconnected from Windchill. The default value is Enable and will automatically reconnect a user to his or her LDAP entry if an administrator uses the Search Disconnected Participants action or if the user attempts to logon to Windchill. Setting the preference to Immediate allows automatic reconnection for users if the LDAP entry is available when reconnection is first attempted by any of the previously listed methods. If an LDAP entry is not immediately available, the automated reconnection will not be attempted again. Setting the User Automatic Reconnect preference to Disable does not allow Windchill to automatically reconnect users with their LDAP entry. This preference is available at the site level.

If the preference is set to Immediate or Disable, a site administrator can still manually reconnect a disconnected participant using the Reconnect Disconnected Participant action. For more information, see Managing Disconnected Participants.

• The Security Label Changes on Object Versions preference lets you control how security label changes are applied to object versions. You can decide to always apply security label changes to all versions of an object or to the edited versions of the object. You can also let the user make this determination by enabling a check box to display on the Edit Security Labels window. When the check box is selected, security label changes are applied to all versions of the object. You can choose to have the check box preselected or blank. If this preference is not updated, then by default a check box will be displayed on the Edit Security Labels window which will control if updates are on the selected versions or all versions of the objects.

• The Access Permission Configuration preference determines the set of access control permissions that you see and can edit when you are working with objects in a project, program, organization, or the site context. This preference can only be set in the site, organization, program, and project contexts.

• The Access Permission Configuration (PDM) preference determines the set of access control permissions that you see and can edit when you are working with objects in a product or library context. By default, this preference is locked at the site level and can be viewed from the site, organization, product, and library levels. To set this preference at a different level, unlock the site-level preference.

The default settings for the Access Permission Configuration (PDM) preference do not allow users to update any permissions; users can only view a subset of the permissions. Using this default means that if you select multiple objects and then attempt to use the Edit Access Control action, you will see a message saying there are no permissions that you can change.

PTC recommends that administrators make the Full Control (All) permission visible. The Full Control (All) permission grants all permissions currently defined and any permissions that might be defined in the future, unless an absolute deny policy rule is written. When the Full Control (All) permission has been granted, then the checkboxes for the other permissions are cleared and disabled.

• The Detailed Participant Identification preference allows you to change the identity information of the participants shown in the tables that show participants and access control permissions. If you set the preference to Yes, then participants are identified using the following format:

Participant	Information Displayed
Users affiliated with an organization	Full Name (user_name: organization_name)
Users with no organization affiliation	Full Name (user_name: Site)
User-defined groups created in an organization context	Group Name (organization_name)
All other user-defined groups	Group Name (Site)
System groups associated with context teams	Group Display Name (context_type - team_name)
System groups associated with shared teams	Group Display Name (team_name)
System groups associated with an organization context	Group Display Name (organization_name)
Organizations	Organization Name (site)

• The Display Folder Domains preference specifies whether the folder domain is displayed when creating or editing a folder.

By default, the domain for a folder is not displayed and a user cannot select which domain to use for a new or existing folder. If the preference is set to Yes, the domain and domain inheritance are displayed. If the user has the required access control permissions, the user can change the domain inheritance setting (whether the domain is inherited from the parent folder or not) and, if the Inherit domain from parent checkbox is unchecked, the user can select a domain for the folder.

• The Edit Security Labels > Collector set of preferences allow you to configure the default values used to collect objects related to the object or objects you selected when you launched the Edit Security Labels action. For more information, see About the Collector.

• The Retrieve Policy Rules controls whether rules are automatically retrieved within the Policy Administration utility when the Access Control, Indexing, or Notification tabs are accessed. By default the preference is set to Yes and rules are automatically retrieved when the tab is selected. If the preference is set to No, the Search button must be clicked to retrieve the rules.