Currently, our organization only uses CAC authentication to access our Windchill (WC) instance. We also utilizes CAC authentication for both the desktop application and web access for the Windchill Quality Solutions (WQS) software.In order to connect WQS to WC you have to use the Administrator application for WQS. From there, you go to Tools->Edit PTC Windchill Settings. Here you enter a username and password that is used by everyone that uses WQS or have it prompt the user for a username and password so WQS can connect to WC. This is fine if you use the username/password combination to access WC. What is needed is a third option. If you set WQS to "Prompt for each session" it needs to be able to read a CAC for authentication. By setting "Prompt for each session" we can limit what the WQS user can see in WC. However, since our WC instance does not use the username/password combination this option is not possible.So I have created one specific username/password combination in WC (ex. WCWQSUser) that I grant access to only those products/projects that WQS needs access to.I have managed to "trick" WC into using this option for WQS.The problem with this is any WQS user can see any product/project in WC that WCWQSUser has access to.Even though the user themselves may not have access to the product/project if they were logged in to WC.By setting "Prompt for each session" and have it read the CAC we can prevent users from gaining access to products/projects they should not have access to.