We have the system set so objects in the Library are downloaded to a workspace as read-only items. However, the users still have the ability to check-out these objects, but not check-in.
Is there a setting to prevent check-out of a read-only object in the workspace?
Windchill 11.0 M030, Creo 4 M080 soon to be Windchill 11.1 M020, Creo 7 or 8
I think you are referring to locking objects in workspaces, that is a good setting to have. Ability to check out has to do with access rights in the library. There are many ways to control but if they are library items, why do the users have rights to do anything but download them? I would recommend putting users into Guest or using lifecycle states to prohibit modification of library items. This should prevent check out. I would limit modification of libraries to a small set of users or create "admin" accounts that a user can shift into and out of to do those higher level maintenance tasks but keep their normal login for day to day stuff.
There are only 2 Librarians who can modify the objects in the Library.
The design engineering team downloads the objects as Read-only with a preference setting, but we do not lock the objects. Most of the users do an implicit download by opening the files in Creo. Not sure that option can lock files like a download to workspace from the browser can.
The objects are at the design state, which is the initial state for all objects. I suppose I could set state on all library objects to Prototype or Released, the users cannot check out from those states (I don't think), and then that may help control their check outs. As the Librarian and system admin, I would still have check out and check in rights to the library objects.
It sounds like you haven't really configured the Team roles. You can make a role in the Library that is read-only, you just need to configure the ACLs for that role. Use the Policy Administration utility.
Once you have a role configured, add all the users to that role (and remove them from any others). They will only have the access given by that role(s) that they are in.
If you only allow Read and Download, the user should not be able to check out or check in. Not sure how they're able to only check out.