It is likely that a certain set of queries and charts will be appropriate
for all customers that have access to the internal ClearQuest database. It
would be convenient to have a common folder that all customers can access,
while preserving the isolation of each customer (so they don’t know about
any other customers). This folder would contain queries designed to return
the list of active issues for the current customer.
Additional schema properties are necessary to achieve this, most likely
record security provided by the Security Context feature of Rational® ClearQuest®..
It might be possible to achieve this with appropriate use of query filters
on some field related to the current customer (which is readily derivable
from the current user). It is important to understand that workspace folder
permissions do not restrict the ability of a user to create personal queries
and access any records which their queries may return. Only the Security Context
feature of ClearQuest can restrict which records are returned from a query.
This scenario requires the following prerequisites
To achieve the goals of the scenario, the Security Administrator performs
the following steps.
- Creates a folder for all customers to share, e.g. Common. This folder
is created in a context that has Read-Limited permission for each customer
group.
- Grants No-Access permission to Everyone on the Common folder. This establishes
the baseline level of access such that an explicit grant of some other permission
is necessary to access the folder.
- Grants Read-Only permission to each appropriate customer group on the
Common folder. This makes the folder visible to those groups (because the
enclosing folder has Read-Limited permission) and also exposes the folder
content. •
- Optionally, grants Read-Only or Read-Write permission to appropriate internal
groups on the Common folder.
Because No-Access has been granted to everyone, only those groups explicitly
granted permission can see the content of the Common folder. Any user that
has Read-Limited permission on the enclosing folder will not even see the
folder unless some permission other than No-Access has been granted to the
Common folder.