permissions

Identity checking

APPLICABILITY


Product
Command Type

ClearCase


general information


ClearCase LT


general information


Attache


general information


MultiSite


general information


Platform

UNIX


Windows

DESCRIPTION

In general, only commands that modify (write to) a VOB or a project VOB are subjected to identity checking. The following hierarchy of identity checking is used, in a command-specific manner, to determine whether a command can proceed or be canceled:

Both file-system and non-file-system objects have an owner and a group; this information is storedwith the object. When an object is created, its owner and group are set to that of the user who created it. Use the protect command to change the owner (-chown) or group (-chgrp) of the object. The describe command displays the owner and group of the object.

The scheduler maintains its own access control list (ACL),which determines who is allowed access to the scheduler and to the ACL itself. See the schedule reference page for more information.

The reference page for a command lists the special identities (if any) required to use the command along with other restrictions on its use.

The sections below list all cleartool subcommands and Attache commands, categorized by their identity requirements. For information on identity checking for ClearCase and ClearCase LT commands (that is, other than cleartool subcommands and Attache commands), refer to the corresponding reference pages.

None

annotate

apropos

catcr

catcs

cd

chactivity

checkvob (except with -fix or -hlink)

chfolder

describe

diff

diffbl

diffcr

deliver

dospace 1

edcs

endview (except with -server)

file

find

findmerge 2

get

getcache

getlog

help

hostinfo

import 3

ln 4

ls

lsactivity

lsbl

lscheckout

lsclients

lscomp

lsdo

lsfolder

lshistory

lslocal

lslock

lsmaster

lspool

lsprivate

lsproject

lsregion

lsreplica

lssite

lsstgloc

lsstream

lstype

lsview

lsvob

lsvtree

lsws

make

man

mkactivity

mkattype 5

mkbl

mkbrtype 5

mkdir 4

mkelem 4

mkeltype 5

mkfolder

mkhltype 5

mklbtype 5

mkproject

mkregion

mkstgloc

mkstream

mktag 6

mkview 7

mkvob 7

mkws

mount 10

mv 4

mvws

put

pwd

pwv

quit

rebase

recoverview

reformatview

register

reqmaster (requesting mastership only) 9

rmname 4 8

rmregion

rmstgloc

rmtag

rmws

setactivity

setcs

setplevel

setsite

setview

setws

shell

space 1

startview

umount (public VOB)

unregister

update

winkin

wshell

1 Except with -update or -generate

2 No special identity required for "search" functionality

3 For created elements only

4 One or more directory elements must be checked out

5 Except with -replace

6 Except for private VOB-tag

7 Standard UNIX/Windows NT permissions for creating a subdirectory required

8 Except with -nco

9 Must be on ACL at master replica

10 Only for public VOB

one of: element group member, element owner, VOB owner, root, member of the ClearCase group, local administrator of the ClearCase LT server host; (for commands that operate on objects) object group member, object owner , VOB owner, root, member of the ClearCase group, local administrator of the ClearCase LT server host

checkout

checkvob -hlink

import 1

merge 2

mkattr

mkbranch

mkhlink

mklabel

mktrigger

reserve

rmattr

rmhlink

rmlabel

rmmerge

rmtrigger

unreserve

1 For checked-out directories only

2 Applies to creation of merge arrows only, not to data

one of: version creator, element owner, VOB owner, root, member of the ClearCase group, local administrator of the ClearCase LT server host

checkin

rmver

uncheckout

one of: element owner, VOB owner, root, member of the ClearCase group, local administrator of the ClearCase LT server host

chtype (element)

lock (element)

rmelem

unlock (element)

one of: user associated with event, object owner, VOB owner, root, member of the ClearCase group, local administrator of the ClearCase LT server host

chevent

one of: branch creator, element owner, VOB owner, root, member of the ClearCase group, local administrator of the ClearCase LT server host

chtype (branch)

lock (branch)

rmbranch

unlock (branch)

one of: type owner, VOB owner, root, member of the ClearCase group, local administrator of the ClearCase LT server host

lock (type object)

mkattype -replace

mkbrtype -replace

mkeltype -replace

mkhltype -replace

mklbtype -replace

mktrtype -replace

rename (type object)

rmtype

unlock (type object)

one of: pool owner, VOB owner, root, member of the ClearCase group

rename (pool)

rmpool

one of: DO group member, DO owner, VOB owner, root, member of the ClearCase group

rmdo

NOTE: Only the VOB owner and root, members of the ClearCase group can delete a shared derived object.

one of: view owner, root, member of the ClearCase group, local administrator of the ClearCase LT server host

endview -server

rmview

setcache -view

space -view -generate

one of: owner, VOB owner, root, member of the ClearCase group, local administrator of the ClearCase LT server host

protect

one of: owner, project VOB owner, root, member of the ClearCase group, local administrator of the ClearCase LT server host

chproject

chstream

rmactivity

rmbl

rmcomp

rmfolder

rmproject

rmstream

one of: owner, stream owner, root, member of the ClearCase group, local administrator of the ClearCase LT server host

chbl

one of: owner, VOB owner, root, member of the ClearCase group

chmaster

one of: VOB owner, root, member of the ClearCase group

checkvob -fix

chpool

dospace -generate

ln -nco

lock (pool or VOB)

mkpool

mktrtype 1

reformatvob

relocate

reqmaster (to set access controls)

rmname -nco

rmvob

space -vob -generate

umount (private VOB)

unlock (pool or VOB)

1 except with -replace

one of: VOB owner, root, member of the ClearCase group, local administrator of the ClearCase LT server host

checkvob -fix

ln -nco

lock (pool or VOB)

mkcomp

mktrtype 1

reformatvob

rmname -nco

rmvob

space -vob -generate

unlock (pool or VOB)

1 except with -replace

VOB owner

mktag (private VOB-tag)
mount (private VOB)

view owner

chview (can also be root on view server host)

root, member of the ClearCase group, local administrator of the ClearCase LT server host

setcache -host

setcache -mvfs

root, local administrator of the ClearCase VOB server host, local administrator of the ClearCase LT server host

protectvob

same permissions as those for creating the corresponding type object

cptype

permissions controlled by the scheduler ACL

dospace -update

schedule

space -update

SEE ALSO

Reference pages for individual commands



Feedback on the documentation in this site? We welcome any comments!
Copyright © 2001 by Rational Software Corporation. All rights reserved.