Basic Administration > Managing Data Security > Access Control Activities > Setting Security Preferences
  
Setting Security Preferences
The Security category in the Preference Management utility is available to view and set security-related preferences.
The following preferences are available to administrators:
The Allow Users to Edit their own Picture preference determines if individual users can modify the picture associated with their profile. The default value is No and does not allow users to modify their picture using the Edit Picture action. By default, users can change their picture only from their profile page under Quick Links > My Settings > Profile.
The User Automatic Reconnect preference determines if a disconnected user is automatically reconnected after their LDAP entry is disconnected from Windchill. The default value, Enable, will automatically reconnect a user to the LDAP entry if an administrator uses the Search Disconnected Participants action or if the user attempts to log on to Windchill. Setting the preference to Immediate allows automatic reconnection for users if the LDAP entry is available when reconnection is first attempted by any of the previously listed methods. If an LDAP entry is not immediately available, the automated reconnection will not be attempted again. Setting the User Automatic Reconnect preference to Disable does not allow Windchill to automatically reconnect users with their LDAP entry. This preference is available at the site level.
* 
If the preference is set to Immediate or Disable, a site administrator can still manually reconnect a disconnected participant using the Reconnect Disconnected Participant action. For more information, see Managing Disconnected Participants.
The Security Label Changes on Object Versions preference lets you control how security label changes are applied to object versions. You can decide to always apply security label changes to all versions of an object or to the edited versions of the object. You can also let the user make this determination by enabling a check box to display on the Edit Security Labels window. When the check box is selected, security label changes are applied to all versions of the object. You can choose to have the check box preselected or blank. If this preference is not updated, then by default a check box will be displayed on the Edit Security Labels window which will control if updates are on the selected versions or all versions of the objects.
The following preferences are available to administrators and users:
The Access Permission Configuration preference determines the set of access control permissions that you see and can edit when you are working with objects in a project, program, organization, or the site context. This preference can only be set in the site, organization, program, and project contexts.
The Access Permission Configuration (PDM) preference determines the set of access control permissions that you see and can edit when you are working with objects in a product or library context. By default, this preference is locked at the site level and can be viewed from the site, organization, product, and library levels. To set this preference at a different level, unlock the site-level preference.
* 
The default settings for the Access Permission Configuration (PDM) preference do not allow users to update any permissions; users can only view a subset of the permissions. Using this default means that if you select multiple objects and then attempt to use the Edit Access Control action, you will see a message saying there are no permissions that you can change.
If you cannot see or edit a certain permission but you need to be able to manage the setting of the permission, contact your administrator.
PTC recommends that administrators make the Full Control (All) permission visible. The Full Control (All) permission grants all permissions currently defined and any permissions that might be defined in the future, unless an absolute deny policy rule is written. When the Full Control (All) permission has been granted, then the checkboxes for the other permissions are cleared and disabled.
The Detailed Participant Identification preference allows you to change the identity information of the participants shown in the tables that show participants and access control permissions. If you set the preference to Yes, then participants are identified using the following format:
Participant
Information Displayed
Users affiliated with an organization
Full Name (user_name: organization_name)
Users with no organization affiliation
Full Name (user_name: Site)
User-defined groups created in an organization context
Group Name (organization_name)
All other user-defined groups
Group Name (Site)
System groups associated with context teams
Group Display Name (context_type - team_name)
System groups associated with shared teams
Group Display Name (team_name)
System groups associated with an organization context
Group Display Name (organization_name)
Organizations
Organization Name (site)
If you use the default setting of No, then the participant names are shown in a simpler format without the information in the parentheses.
* 
This preference does not apply to the participants displayed on the Access Rules table. The detailed format is always used on the Access Rules table.
The Display Folder Domains preference specifies whether the folder domain is displayed when creating or editing a folder.
By default, the domain for a folder is not displayed and a user cannot select which domain to use for a new or existing folder. If the preference is set to Yes, the domain and domain inheritance are displayed. If the user has the required access control permissions, the user can change the domain inheritance setting (whether the domain is inherited from the parent folder or not) and, if the Inherit domain from parent checkbox is unchecked, the user can select a domain for the folder.
* 
The domain associated with a folder is always displayed when viewing access information.
The Edit Security Labels > Collector set of preferences allow you to configure the default values used to collect objects related to the object or objects you selected when you launched the Edit Security Labels action. For more information, see About the Collector.
The Retrieve Policy Rules controls whether rules are automatically retrieved within the Policy Administration utility when the Access Control, Indexing, or Notification tabs are accessed. By default the preference is set to Yes and rules are automatically retrieved when the tab is selected. If the preference is set to No, the Search button must be clicked to retrieve the rules.
Related Topics