Phase Access Control
You can configure ad hoc access rules for the participants defined under the Roles tab. This functionality is only available for advanced life cycle templates.
The rules apply to the primary business object.
Life cycle access rules remain in place for the duration of the life cycle phase. When the object moves to another phase, these permissions change.
The Submitter role is given Modify permission by default. This allows submitters to submit the object for promotion as part of the edit process.
All out-of-the-box roles are automatically given Read permission. This is necessary to allow the associated participants to access their tasks and view the object.
* 
New roles and custom roles created at your site are not given default Read permission. You must manually configure the permission of new roles.
1. Select a life cycle phase for which you want to configure access rules.
2. Select the Access Control tab.
The Selected Roles field displays the roles configured under the Roles tab.
3. Use the options available under Permissions to select which permissions to grant the selected role.
When you select certain permissions, other permissions are automatically selected to help you provide a usable interface for users. For example, if a participant is given permission to create an object, the participant usually requires permission to view and modify the object as well.
Access Permission Rights
Permission
Description
Full Control (All)
A participant (user, group, organization, or role) granted the Full Control (All) permission is granted all permissions currently defined and any defined in the future. Therefore, if new permission types are defined, you do not have to write rules that specifically grant them to participants with full control access.
Read
The right to know the existence of an object and to view the object and its attributes. Additionally, if the object has content, you can view an object's content information such as the file path to a local file or the location of external storage. This permission does not allow you to view the actual contents of the file.
Download
The right to download local files that are the primary content or are attachments of an object. This right is applicable to objects with content, such as documents or drawings.
Modify
The right to change the attributes of an object, as well as other characteristics that are part of the object definition but are not controlled by the Modify Content, Modify Identity, or Modify Security Labels permissions.
For versioned objects, a participant must have the Modify permission on the latest iteration of each version of a target object to update the attributes common to all versions that are not part of the object’s identity. Modify permission on a version of a target object is required to modify that version’s attributes.
Modify Content
The right to modify any local file, URL, or external storage for the primary content and attachments of an object with content. This includes modifying content information and adding, replacing, or deleting content.
Modify Identity
The right to modify a subset of the attributes that determine the identity of an object.
For a part, this subset includes the part number and the organization identifier (such as cage code) of the part, but not the part name. The part name is often treated as a short description.
For a folder, the attributes include the folder name.
The subset of attributes affected by the Modify Identity permission for a given object type is determined through the annotation of classes. For information on customizing the code to modify the set of attributes used in determining the identity of an object, see Identified Business Classes in the Windchill Customization Guide.
Modify Security Labels
The right to modify security label values on an object.
Create By Move
The right to move an object into an administrative domain.
Create
The right to create an object.
Set State
The right of a participant to perform a set state operation where a state transition has been defined to allow the transition from the current life cycle state to the new state.
* 
To perform a set state operation, a participant must have the Set State permission and there must be a valid state transition defined between the current state and the desired state. If there is no transition defined, the participant must have the Administrative permission to perform the operation.
For information about the Set State action and the permissions required, see Planning Object State Change Policies.
Revise
The right to revise an object. Revising creates a new version of the object at the same level as the original in the version tree. For example, you can create revision B from revision A.
New View Version
The right to create a new view version of an object. The New View Version action creates a new version of the object in a descendant view. The revision identifier sequences between views are independent. For example, you can create A.1 (Manufacturing) from B.1 (Design). For more information about views, see Working with Views and View Associations. For more information about new view versions, see Out-of-the-Box Default Versioning Scheme.
Change Domain
The right to move an object out of an administrative domain.
For information about administrative domains, see Managing Access to Data through Access Control Rules.
Change Context
The right to move an object out of a context.
Change Permissions
The right to change the ad hoc permissions that others have.
Participants who are granted the Change Permissions permission are allowed to change the ad hoc permissions of other participants. They can change these permissions to the permissions they themselves have or to a subset of the permissions they have.
Delete
The right to delete an object.
Administrative
The right to perform certain administrative tasks. For example, an administrator would have the right to undo another user's checkout or set an object to an arbitrary life cycle state.
For more information about access control, see Access Control Overview.
Was this helpful?