Re: Security Labels on Attachments

abhishekarya · ‎Nov 14, 2025

I am using Windchill PDMLink Release 12.1 and Datecode with CPS 12.1.2.8

Can security labels only be applied on attachments, i.e. user should be able to see a document but not download the attachment from it, if not through security labels, how can we apply the same functionality of applying restriction per document where user should be able to see it but not download it.

If we cant achieve this through configuration, is customization an approach that could help achieve this?

avillanueva · ‎Nov 14, 2025

Since the security label is at the object level (the document), it covers both the primary content and attachments. I do no think you can split the functionality, at least not OOTB. I have a similar desire here with regard to seeing a document but not being able to download it. There are some documents which we might want to reference but only those authorized users should be able to download. Right now, they cannot see it at all.

My recommendation is to open up a Windchill Idea and document fully the use case.

jbailey · ‎Dec 01, 2025

From my time on the other side, and now seeing CMMC 2 being implemented, I wouldn't be surprised if there is a surge in interest w/security labels and new functionality needs. This should be made easier since the new ePLM licensing includes IP Protection for all Windchill named user licenses.

cgautier · ‎Nov 17, 2025

Hello abhishekarya,

Did you try using the Deny / Download permission ?

KR,

Charles.

abhishekarya · ‎Nov 17, 2025

permissions are set at object type, I am looking for a specific object instance i.e., a certain WTDocument 12345 not for all WTDocuments

cgautier · ‎Nov 19, 2025

Did you think about using lifecycle based access control?

For example: deny the download permission (policy admin level) and grant 'download' for some role for some lc state.

Like below:

KR,

Charles.