I have the same problem. One of our user can check out all released items an make changes to them. What is the Windchill setting to prevent that. Probably a permission setting we are missing here?
From a Released object, as admin, select "Edit Access Control." Search for and add that user to the list and then investigate. Modify will be checked; select the info button to drill down to the permission that provides Modify and should not.
@MikeLockwood "Edit Access Control" can be set for each individual object. Is that any way that permission set for all released objects in the past and all that will be released in future? Thanks
Yes, even though it's named "Edit..." don't make any changes here. It's a matter of finding what permission gives the user the unwanted permission.
From there, a) see if the permission is just to this user (bad practice but happens), or to a group. If to the group, see what other users also have this permission. See also if this user is in muliple Roles in the Product / Library where this is occurring or multiple Groups mapped to these Roles.
b) It may become a matter of troubleshooting - hopefully what you have is documented well by someone.