Showing results for 
Search instead for 
Did you mean: 
Showing results for 
Search instead for 
Did you mean: 

The PTC Community email address has changed to Learn more.

Restricting access


Restricting access

We have support level staff that at the moment that has Site Admin rights to WC. Their main priorities are to add users to the system and ensure that the users are in their designated roles/licenses.


I need to find a way to ensure they dont have the ability to delete anything on the system. Is that an option?

Ive given them site admin access so they can view Participation Administration and assign users to their designated groups which for the most part is in Organization. 


Hi @NT_10191042 

Create a group for that admins and set ACL rules for that group to deny delete operation for the objects you need.

CAD Document, WTDocument, WTPart, Change objects, WorkItems and so on...


It can help to solve what you need.



23-Emerald II

Give them only Organization Admin rights, not site.


To manage license without being site admin. You can do the following setup:

  1. As site admin, create a group at org level. For example “Manufacturing Eng” group
  2. As site admin, being at org level open the PTC license group you need to manage and add as a member the group you just created. For example, set “Manufacturing Eng group as a member of PTC Quality license

From now you can assign license to users without be site administrator. To assign license group to user do as following:

  1. As an organization admin, add the user you want to assign a license to the group you created. For example, add jsmith to Manufacturing Eng group will grant him PTC quality license entitlement.

Overall the trick is to create a group at proper level.

22-Sapphire I

It's tricky for sure.

If you assign them Org Admin as suggested above, this takes care of having permissions in all Products / Libraries, but need to remove the Delete permission.

Would be ok to assign a DENY Delete to them, but much better to assign user to a Group, then assign permissions to the Group so if users come and go, the system still works.  But, you can't assign a Group as Org Admin (as far as I know).  Always assume that people come and go and change responsibilities, so it has to be simple and foolproof to change users but not change the assigned permissions to the current user.


Could create an org-level regular (non-license) Profile that has minimal things checked for these users (and make sure no other Profile assigned); this will greatly simplify the UI for these users.  One problem is that they see all Utilities at Org level because this is only one Profile item.



Hi @MikeLockwood 


One additional comment with profiles.

It is a good idea to use profiles to minimalize the UI functions. I used it in the past a lot, but with PTC License groups it is problem because license groups use the profiles and I do not find any way how to minimalize check boxes in that license profiles. 


or do you have different experience?





Agree that with license profiles, we're stuck.

Profiles add; no way to subtract.

Top Tags