Configuring Access Rules

Administrator users can configure rules that control which users can access which content. The access rules involving standard access roles also apply to restricted access roles. These rules do not apply to users with system privileges.

The links for each rule name connect to the detailed explanations of how these rules work, and how various combinations of these rules affect what content users can access and what tasks they can execute.

  1. Open the Collaborative Spaces Configuration Center widget. For more information, see Widgets to Configure Content and Business Rules.
  2. In the menu in the left pane, click Access Rules.
  3. To configure who can read content, select or clear these check boxes in the Read Operations section.

    The app applies the changes as soon as you select a check box.

    Read Access Rule Description
    Allow Read Access to In Work Content in Protected or Private Collaborative Spaces Controls the level of collaboration between disciplines by controlling read-access for in-progress and approved content.

    If activated, users have read-access to in-progress content according to their roles:

    • Author role for Resource content
    • Contributor role for Definition and Resource content
    • Reader role for Definition, Evaluation and Resource content

    If deactivated, users have read-access to approved content only.

    Independent of this access rule, these read-access rules apply based on the hierarchy of roles:

    • Leader role always has access to in-progress Resource and Definition content
    • Author role always has access to in-progress Definition, Evaluation content
    • Contributor role always has access to in-progress Evaluation content
    Allow Read-access to Any Public Content Controls read-access to public content in collaborative spaces for users not assigned to that collaborative space.

    If activated, users have read-access to all public content owned by the current organization and its parent organizations that they have credentials for.

    If deactivated, users only have read-access to public content of the specific collaborative spaces that their credentials give them access to. You might have to explicitly assign additional credentials to people.

    Independent of this access rule, users have read-access to all private and public content of collaborative spaces that their credentials give them access to.

    Allow Users Read-access To Any Content in Any Other Collaborative Space Controls read-access to private content in collaborative spaces other than the one they are logged into, as long as they have credentials for that collaborative space.

    If activated, users have read-access to private content in other collaborative spaces.

    If deactivated, users do not have read-access to private content in other collaborative spaces and much switch their logged-in credentials to the appropriate collaborative space.

    Independent of this access rule, users have read-access to public content in other collaborative spaces.

  4. To configure who can modify content, select or clear these check boxes in the Modify Operations section:

    Modify Access Rule Description
    Allow Leader to Modify Frozen Content Controls if a Leader can modify frozen content.

    If activated, a Leader can modify content in the Frozen state.

    If deactivated, a Leader cannot modify frozen content.

    Allow Owner to Modify Released Content Controls if an Owner can modify content that has been released.

    If activated, an Owner can modify content in the Released state.

    If deactivated, an Owner cannot modify released content.

    Allow Write Access Only to the Author Who Owns the Content Controls the level of collaboration between users with Author credentials by providing write-access to Definition content to either all Author users or only to the content's responsible user.

    If activated, only the Author responsible for the content has write-access to that Definition content.

    If deactivated, all users with Author credentials have write-access to that Definition content.

    Allow Write Access Only To the Contributor Who Is Owner of the Content Controls the level of collaboration between users with Contributor credentials by providing write-access to Evaluation content to either all Contributor users or only to the content's responsible user.

    If activated, only the Contributor responsible for the content has write-access to that Evaluation content.

    If deactivated, all users with Contributor credentials have write-access to that Evaluation content.

    Automatically Lock Definition Content at Creation Controls what types of definition content is automatically locked when it is created: reference (such as a Physical Product, 3DPart, or a 3DShape), instance (usage of a component within an assembly or structure), both, or neither.

    If you change the setting for this rule, you must Reload the Server Cache when finished configuring the access rules.

    Lock Definition Content Before Modification Uses lock to manage concurrent write-access to definition content to ensure that user's can save their modifications.

    If activated, content must be locked before any modification is made, otherwise saving the content will fail.

    If deactivated, content can be modified. However, the content may have been modified by another user which prevents the current user from saving their changes.

    Recommendation: Do not activate this rule. If you do, it complicates the use of Definition content for the end-user.
    Allow Contributor To Insert Content Into Released Design Structures Manages the level of collaboration between Author and Contributor. It controls whether the Contributor can create Evaluation content in Definition design structure in the Released maturity state.

    If activated, a Contributor can create Evaluation content in a Definition design structure in the Released maturity state.

    If deactivated, a Contributor cannot create Evaluation content in a Definition design structure in the Released maturity state.

    Consider User's Organization Assignment on Content Category Lets you choose which types of content should be restricted for modifications based on the user's organization.
    Allow Users To Modify Content in Any Collaborative Space They Have Access To Allows the flexibility to modify content across collaborative spaces.

    If activated, modification of content is allowed regardless of the users logged-in credentials.

    If deactivated, modification of content requires the user to switch their logged-in credentials to the appropriate collaborative space.

    Allow Usage of Private Content From Any Collaborative Space Users Have Access To Manages the usage of private content across collaborative spaces.

    If activated, the user can use private content in a collaborative space. Other users might not have read-access to that private content.

    If deactivated, the user can only use public content in collaborative space.

  5. To configure revisions, select or clear these check boxes in the Lifecycle Operations section:

    Lifecycle Access Rule Description
    Allow New Revision Creation If No Revision Already Exists Within These States Allows objects to be revised in the Private, In Work, or Frozen state if the object does not currently have a revision in the selected state.

    Choose Private, In Work, or Frozen (or none or any combination) from the list. Click x for any state you want to remove from the rule.

    If you change the setting for this rule, you must Reload the Server Cache when finished configuring the access rules.

    Allow New Revision on Maturity States Defines the states in which new revisions of content can be created.

    Choose any combination of states from the list. Click x for any state you want to remove from the rule.
    Allow Maturity Change Only by the Owner of Content Defines if users other than the content owner can change the maturity state.

    If activated, only the user that owns the content can change the maturity state.

    If deactivated, other users can change the maturity state.
    Allow Users to Create a Major Revision Even If Locked By Someone Else Manages the ability to create major revisions if content is locked by another person.

    If activated, a user with create access can create a major revision regardless of whether that content is locked by anyone. This access rule applies only to major revisions, not minor revisions.

    If deactivated, locked content can only be revised by the person who locked it.

    Allow change maturity to Released if used content is the latest released revision When this option is used along with the maturity transition control Reject if any of the Governed Children is not on Target State, the maturity change of a parent is allowed to change to Released only if the governed children are Released and if they are the last released revisions.
    Manage Configured Objects Lifecycle at Model Level Only Controls the ability to promote or revise configured objects. This access rule applies only to Engineering app content.

    If activated, only non-configured or “Variant Only” configured content can be promoted or revised.

    If deactivated, promotable or revisable content can be promoted or revised.
    When Creating New Content, Set the Maturity State to In Work Manages the initial read-access of a new major revision: either private for the responsible user, or shared to other users.

    If activated, a new revision is shared with other users.

    If deactivated, a new revision is created as private and only accessible to the user responsible for the content. The responsible user can promote the content to a state that supports sharing.

    If you change the setting for this rule, you must Reload the Server Cache when finished configuring the access rules.

    When Creating a New Minor Revision, Set the Maturity State to In Work Manages the initial read-access of a new minor revision: either private for the responsible user, or shared to other users.

    If activated, a new minor revision is shared with other users.

    If deactivated, a new minor revision is created as private and only accessible to the user responsible for that content. The responsible user can promote the content to a state that supports sharing.

    If you change the setting for this rule, you must Reload the Server Cache when finished configuring the access rules.

  6. To configure ownership transfers, select or clear this check box in the Ownership Operations section:

    Ownership Access Rule Description
    Set Access Roles that can Change the Owner of Content Defines the access roles a person must have to change the person who is responsible for content.
    Set Access Roles that can Change the Organization that Owns Content

    Defines the access roles a person must have to change to organization that owns content.

    Set Access Roles that can Change the Collaborative Space that Owns Content Defines the access roles a person must have to change the collaborative space that owns content.
    Only Owner of the Content Can Transfer Ownership Determines if only the person currently responsible for content can change the ownership of that content.
    The Owner of the Content After Transfer must Have Creation Credentials for Same Content Category Determines if a person that content is transferred to must have creation credentials for that type of content in the collaborative space.

  7. To configure who can use the Collaborate with EBOM (native apps) or Collaborate with Physical (web apps) commands, select or clear this check box in the Engineering BOM and Physical Product Collaboration Rule section:

    Note: Not available on the cloud.
    Engineering BOM and Physical Product Collaboration Access Rule Description
    Set Access Roles for Collaborate with Physical and EBOM Determines which roles have the ability to collaborate with EBOM. You can choose Leader or Leader/Author.