限制VOB组件检查ou/in [英] Restrict VOB components from checking ou/in
问题描述
在我的项目中,我必须创建被允许只读访问VOB的用户.为了根据研究和我的理解完成此任务,我创建了不同的组,并在目录方面进行了更改,我将根组更改为相应的组.示例:在VOB下,我有三个目录dA,dB和dC,我创建了3组gA,gB和gC.即使在通过chmod 770保护目录之后,其他组也无法执行检入/检出-1.其他组用户仍然可以访问目录.2.其他小组仍然可以进行签入/签出.
请建议我如何限制VOB组件(基于目录),防止指定用户在大写情况下检查ou/in.
ClearCase 7.x:
vob存储本身上的 chmod 不足以阻止检出/检入修改操作:您需要考虑每个用户使用的 CLEARCASE_PRIMARY_GROUP 环境变量.
如果该组不是在vob中声明的主要组或次要组的一部分,则他们将无法签出/签入.
另请参阅""
In my project I got to create users who are allowed to read only access to VOB. To accomplish this as per study and my understandings I have created different groups and directory wise I have changed root group to respective group. Example : Under VOB I have three directories dA, dB and dC I created 3 groups gA, gB and gC. Even after gving protecting directories by chmod 770 so that other groups could not do Checkin/Checkout - 1. Other groups users still could access directories. 2. And other groups are still able to do Checkin/Checkout.
Please do suggest on how I can restrict VOB components(directory basis) from checking ou/in by specified user in clearcase.
ClearCase 7.x:
chmod on the vob storage itself isn't enough to prevent checkout/checkins modification operations: you need to consider the CLEARCASE_PRIMARY_GROUP environment variable used by each user.
If that group is not part of the primary group or secondary groups declared in the vob, they wouldn't be able to checkout/checkin.
See also "About ClearCase permissions on Windows".
As mentioned in this thread:
Unless user is a member of the element's group, he or she would not be able to make any changes (checkouts/check-ins). It can be used to grant read-only access to a VOB, when elements "world" rights are not revoked.
BTW, even when required group membership is not granted, it would not prevent user from creating metadata, such as branch or label types. Triggers would be required to restrict these operations.
This thread confirms:
you are stuck with a pre-op trigger on checkout.
Add the "read-only" users to the group and only allow users in a list (either in the trigger itself or as an attribute on the VOB) to perform checkouts.
ClearCase 8.x
CC8 introduces the notion of access control lists (ACLs), which simplify the security of your versioned object bases (VOBs).
See more with "Ensure effective administration and security in Rational ClearCase 8.0.1"
这篇关于限制VOB组件检查ou/in的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
