The scheduler maintains a single access control list that determines who is allowed access to the scheduler and to the ACL itself.
The ACL consists of a list of entries. Each entry assigns an access type to an identity. Four types of identity exist: Everyone, Domain, Group, and User. A domain is a Windows domain for ClearCase LT servers running Windows and an NIS domain for ClearCase LT servers running UNIX. Each group and user is qualified by a domain name. In a Windows domain, a group must be a global group, and a user must be a domain account.
NOTE: UNIX hosts that are not part of an NIS domain can use the string <unknown> in place of the domain name in an ACL entry.
Each identity has one of three access types. Table 5 shows the access types and their implications for access to the schedule and access to the ACL itself.
Access Type | Access to Schedule | Access to ACL |
---|---|---|
Read | Read only | Read only |
Change | Read and write; can start jobs | Read only |
Full | Read and write; can start jobs | Read and write |
Each identity can have only one access type. However, access rights are inherited from Everyone to Domain to Group to User in such a way that each user has the least restrictive of all these access rights that apply to that user. For example, if a user's ACL entry specifies Read access but the ACL entry for the user's group specifies Change access, the user has Change access.
By default, everyone has Read access. On a local Windows host (the host where the scheduler is running), a member of the ClearCase administrators group always has Full access. On a local UNIX host, the root user always has Full access. On a remote host, access rights of a member of the ClearCase administrators group or the root user are determined by the ACL. Thus, to change the default ACL, you must be logged on to the ClearCase LT server, and you must be the privileged user.
To view or edit the scheduler's ACL, use the ClearCase Administration Console:
Navigate to the Scheduled Jobs node for the ClearCase LT server.
Click Action > All Tasks > Edit Permissions. This command opens a dialog box in which you can view or edit the scheduler's ACL.
Or use the following command to view the ACL:
cleartool schedule -get -acl
Use the following command to edit the ACL:
cleartool schedule -edit -acl
This command opens in a text editor a file containing a representation of the current ACL. You can edit the ACL using the ACL-definition syntax documented on the reference page for the schedule command.
If you have a text file containing ACL entries using the scheduler's ACL-definition syntax, you can use the following command to replace the entire ACL with the ACL entries in your file:
cleartool schedule -set -acl defn_file_pname
Feedback on the documentation in this site? We welcome any comments!
Copyright © 2001 by Rational Software Corporation. All rights reserved. |