I am doing a restructuring of our windchill environment and adding new products to our site. One of the challenges has been to understand how Team Roles are administered. I have a team that has a built in role, Designers. How do I view the permissions and access controls of this ROLE? I know how to change who has this role by Groups are granted the role. Also how do I make a new ROLE or Modify it please?
Roles and permissions is quite a big topic.
You can create custom roles directly in the product UI but you will not be able to apply Org/Site level ACL policy.
If you want to create system wide roles I believe you have to edit RBINFO files using Enumcustomize util
Permissions can be reported and created against a domain/role/type/state in policy admin utility. Steep learning curve ahead I'm afraid.
As Darren states, there are many options here - so it's inherently complex. A few comments:
1. Use "Manage Security" from sample data (e.g. a CAD Doc at In Work state) to confirm permissions at every step. Add sample users to the Manage Security page, and verify that their permissions are due to mapping to Role(s).
2. Major decision to be made: Assign ACLs to Roles or Groups (or combination). Over time I've gravitated to mostly assigning to Roles and Org level, which picks up Group and/or User mapping to Roles in each Product/Library context. Have to diagram this out very well to keep organized and clear.
3. Shared teams are helpful - but only available to use if created before Products/Libraries are created (I think that this is still true in 11.x).
4. In general, all objects are assigned a Team Template by OIR on creation. Product Data (e.g. Docs, CAD Docs, WTParts) are assigned the "Default" Team team template which is empty OTB, but change objects are assigned a real team template, populated by Roles (but no users) OTB.
5. Trace from:
- Team Template assigned by OIR >> Roles, People
- Roles in Product/Library context team >> Groups, People