Note

Users can be added to a profile on the New User window and the Edit User window in all Windchill solutions except Pro/INTRALINK 9.1.

For more information about profiles, see Profile Management on page 290

Editing the Domain of a User

A domain is an administrative area that defines a set of administrative policies, such as access control, indexing, and notification. Objects associated with a domain are subject to its policies.

A user’s domain can be edited on the Edit User window. Click Find next to the Domain of User field. The Find Domain window opens and you can search for and select a domain. You can also type the name of an existing domain into the

Context field.

Deleting Users

Caution

Do not delete a user unless you understand how it affects the system, as described in this section.

These two actions result in deleting a user:

•Delete from Windchill

•Delete from Windchill and Windchill Directory Server

The first action has the effect of deleting the user from the Windchill database. The second action deletes the user from both the Windchill database and the user directory service. To use the second action, you must have the required permissions to be able to delete users from the directory service as well as the database.

Note

You cannot delete users that are owned by a read-only directory server.

Note

You cannot delete the Administrator or the Administrators group. You also cannot delete your own user object.

The results of deleting a user from the Windchill database are:

•The user is removed from all groups.

•All access control policy rules that specifically identify the user are removed.

•The user is removed from all notification lists within notification policy rules and, if deleting the user from the list results in an empty list, then the rule is also deleted.

•If the user was a member of a local or shared team, the user row in the Members table includes (Deleted) after the user name to inform the team that the user has been deleted. The deleted user can then be replaced or removed from the team.

•A user can be created with an identical user name as a user that was previously

•If a deleted user is specified as the user of a collection defined in the index properties, a stack trace prints in the method server log when an attempt is made to index an object.

The following rules govern tasks associated with a workflow process when a user is deleted from the Windchill database:

•If a user is deleted after a workflow process has been initiated, but prior to assignment of a task, the user is removed from the list of participants and no task is assigned. The value of the wt.property called ignoreUnresolvedRoles decides if the task should be completed or assigned to the responsible role.

•If the user is deleted after a workflow process has been initiated, and a task has been assigned, that task must be manually reassigned. The task will be reassigned to a context creator.

For more information, see help available from the Participant Administration utility.

•A deleted user continues to appear in iteration history, object properties pages, and so on, but the name is not displayed as an email link.

•When a user is deleted, the user is automatically removed from the list of participants in any workflow process template. The user is also removed from any role mappings created as part of a life cycle or team definition. The change does not result in an iteration to the workflow or life cycle templates.

•If a user is identified as a participant in a workflow template definition and that user is deleted from the system after the workflow has been initiated, any task that would have been assigned to the user is assigned to the Responsible Role which is generally the user who initiated the process.

•If both the template creator and a user identified in a workflow process template are deleted after the workflow process is initiated, the workflow process stops until the tasks assigned to the deleted user are manually reassigned.

The results of deleting a user from both the Windchill database and the directory service include all results described earlier for deleting a user from the Windchill database and additionally include the following:

•A user is not authenticated when attempting to log into Windchill.

•The user's name is not included in search results.

If a user is not removed from the user directory service, a new user object is created in Windchill database when the user tries to log on or when the user is selected from a search. This new user object is not the same object that was deleted, and all of the results of the earlier deletion are still true. For example, the user is no longer a member of the groups to which the user had been a member.

After deleting a user from the Windchill database, you must perform the following clean-up steps:

•Reassign any items in the user's list of tasks.

•Unlock any objects the user has checked out of the Windchill database.

•Remove the user's personal cabinet and any folders or objects within it. From

Windchill PDMLink, use Site Utilities Personal Cabinets Administration.

Changing the Organization to which a User Belongs

You can change the organization attribute for users using the Participant Administration utility (if you have write permission to the directory service) or by using a third party tool that allows your site to modify user entries in your directory service. Changing the organization attribute by using the Participant Administration utility automatically changes the other organization-related information for users. However, changing this attribute by using a third party tool does not change the other organization-related information for users.

If you change the organization affiliation of a user, the domain and personal cabinet of the user are automatically updated to reflect the change (by default). When the site preference named Synchronize Domains for User Organization Changes is set to true and the organization of a user changes, the user domain and the domain of the user’s personal cabinet are reassigned to the new organization root domain. Additionally, the organization groups that are associated with the

context teams for which the user is a member, are updated. The user is removed from the group for the old organization and added to the group for the new organization.

If this preference is set to false, the site administrator will have to manually execute the OrgSync command line utility to perform the update after using a third party tool to change a user’s organization. For more information on using this utility, see Using the OrganizationSync Utility for User Organization Changes on page 166 .

You can turn off this automatic update through the Synchronize Domains for User Organization Changes preference that is under the Display category.

For more information about preferences, see help available in the Participant Administration utility.

Synchronizing Team Membership for Users and Userdefined Groups

Users and user-defined groups can be members of teams. If group membership is modified from within Windchill, the membership of the teams in which the group is a member is automatically updated.

If the membership of one or more groups is modified using a third-party LDAP tool, then you can manually synchronize team membership by clicking the

recompute group icon that is available from the right-click action menu for the group in the Participant Administration table.

Note

If the groups that have been updated using a third-party LDAP tool are not used in any context or shared teams, you do not need to recompute group membership; however, you should remove the groups from the participant cache by using the Remove from Cache icon that is available from the right-click action menu for the group in the Participant Administration table.

Synchronizing Users with LDAP

Enabling the Synchronize Name with LDAP option for a user allows the full name, last name, or email address of the user to be automatically synchronized between LDAP and the database. This prevents problems that can occur when user attributes are changed in LDAP.