ClearCase Reference Manual, Release 4.0, Windows

permissions

Permissions checking

APPLICABILITY

ClearCase (general information), Attache (general information), MultiSite (general information)

DESCRIPTION

In general, only commands that modify (write to) a VOB are subjected to permissions checking. The following hierarchy (in order from most privileged to least privileged) is used, in a command-specific manner, to determine whether a command can proceed or be canceled:

member of the ClearCase group
NOTE: We strongly recommend that you do not make ordinary ClearCase users members of the ClearCase group. ClearCase grants the members of this group special administrative privileges (for example, the ability to delete elements without being the owner of the element or VOB). If you need this special access, do one of the following:
- Log on to a user account that is a member of the ClearCase group. You can either create a new ClearCase Super-User account that is a member of the ClearCase group or add an existing account (such as the account of your VOB administrator) to the ClearCase group.
- Log on as the ClearCase ALBD user (typically named clearcase_albd), which is already a member of the ClearCase group.
VOB owner
Owner of the relevant element (for modifications to branches and versions)
Owner of the relevant type object (for modifications to objects of that type)
Creator of a version or derived object
Owner of the object (pool, hyperlink, replica, activity, checkpoint, domain, role, state, user)
User associated with an event
Members of an object's group (same group-ID)

For example, a member of the ClearCase group always has permission to use commands that modify a VOB. However, if you try to modify an element that you do not own, and you are not the VOB owner or a member of the ClearCase group, the command fails.

Both file-system and non-file-system objects have an owner and a group; this information is stored with the object. When an object is created, its owner and group are set to that of the user who created it. Use the protect command to change the owner (-chown) or group (-chgrp) of the object. The describe command displays the owner and group of the object.

The ClearCase scheduler maintains its own access control list (ACL),which determines who is allowed access to the scheduler and to the ACL itself. See the schedule reference page for more information.

The reference page for a command lists the permissions required to use the command.

The sections below list all cleartool subcommands and Attache commands, categorized by their permissions requirements.

None

annotate catcr catcs cd checkvob (except with -fix or -hlink) describe diff diffcr dospace ¹ edcs endview (except with -server) file find findmerge ² get getcache getlog help hostinfo	import ³ ln ⁴ ls lsactivity lscheckout lsclients lsdo lshistory lslocal lslock lspool lsprivate lsregion lsreplica lssite lstype lsview lsvob lsvtree lsws make	man mkattype ⁵ mkbrtype ⁵ mkdir ⁴ mkelem ⁴ mkeltype ⁵ mkhltype ⁵ mklbtype ⁵ mkregion mktag ⁶ mkview ⁷ mkvob ⁷ mkws mount mv ⁴ mvws put	pwd pwv quit recoverview reformatview register reqmaster (requesting mastership only) ⁹ rmname ⁴ ⁸ rmregion rmtag rmws setcs setsite setws shell space ¹ startview umount unregister update winkin wshell
¹ Except with -update or -generate
² No permissions required for "search" functionality
³ For created elements only
⁴ One or more directory elements must be checked out
⁵ Except with -replace
⁶ Except for private VOB-tag
⁷ tandard Windows NT ACL permissions for creating a subdirectory required
⁸ Except with -nco
⁹ Must be on ACL at mastering replica