This topic defines terms useful in understanding
the workspace folder permissions feature.
The terms used in the discussion of workspace folder permissions
are based on terminology defined by the National Institute of Standards and
Technology (NIST), and on standard Rational® ClearQuest® terminology.
Role-based Access Control Terms
- protected object
- An object that can have controlled access. A user's ability to perform
operations on the object depends on the permission granted to the user
or to a group of which the user is a member.
- permission
- The right to perform some operation on a protected object. Permissions
can only be granted, not denied.
- privilege
- A property of a ClearQuest user that grants a predefined permission.
One such privilege grants the permission to modify the Public Queries folder.
A user either has a privilege or does not have a privilege (the “grant” terminology
doesn’t apply).
- Access Control List or ACL
- A list of groups associated with a protected object and a specific permission.
- RBAC
- Acronym for Role-Based Access Control.
ClearQuest-specific terms
- [active] user
- A ClearQuest user. A user can be a member of 1 to N groups. A user is
always, and implicitly, a member of the predefined “Everyone” group.
- group
- A ClearQuest group.
- workspace
- The hierarchical organization of queries, charts, and reports, and their
containing folders, that is a component of a ClearQuest user session.
- Everyone
- A predefined group, having every user as a member.
- Public Queries
- A top-level folder in the workspace, visible to all users by default.
- Personal Queries
- A top-level folder in the workspace that is visible only to the current
user.
- Security administrator
- In a ClearQuest installation, the person who is able to set and change
folder permissions on any and all public folders, whether or not he or she
belongs to a group that has been given specific access to those folders. This
term is used by the User Administration Tool to identify that person. A security
administrator:
  - has Read-Write access to every folder.
  - can modify the access permissions for any group on any folder.
  - can modify the Change-Permission access for any group on any folder.

  The Security administrator privilege also controls the ability to create
  and maintain Security Context records.
- Public folder administrator
- In a ClearQuest installation, a person who is able to set and change folder
permissions on any and all public folders, but can only set and change permissions
for groups to which he or she belongs. This term is used by the User Administration
Tool to identify such a person. In a large installation, the security administrator
is likely to delegate permission responsibility for certain groups to a trusted
public folder administrator in that group. Public folder administrators:
  - have Read-Write access to every folder.
  - can modify the access permissions for groups they are members of on any
    folder.
  - can modify the Change-Permissions access for groups they are members of
    on any folder.
- effective permission
- The level of access granted to a group, or exercised by a user, on the
contents of a folder, whether inherited from a parent folder or applied
directly to the folder itself.
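
The following added example (not ClearQuest code or its API) models the terms above as a small Python access check: grant-only ACLs, implicit membership in Everyone, and the difference between the two administrator roles. The class and function names are hypothetical, and treating "Public folder administrator" as a privilege flag is an assumption.

```python
from dataclasses import dataclass

EVERYONE = "Everyone"                          # predefined group from the glossary
SEC_ADMIN = "Security administrator"
FOLDER_ADMIN = "Public folder administrator"   # assumption: modelled as a privilege flag


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset = frozenset()            # explicit memberships only
    privileges: frozenset = frozenset()        # held or not held, never "granted"

    def memberships(self):
        # Every user is always, and implicitly, a member of Everyone.
        return self.groups | {EVERYONE}


class Folder:
    def __init__(self, name):
        self.name = name
        self.acl = {}                          # permission -> set of groups; grants only

    def grant(self, actor, group, permission):
        if not admin_may_set(actor, group):
            raise PermissionError(f"{actor.name} may not set permissions for {group}")
        self.acl.setdefault(permission, set()).add(group)


def admin_may_set(actor, group):
    """Delegation rule for the two administrator roles defined above.
    Rights obtained through a Change-Permission grant are not modelled."""
    if SEC_ADMIN in actor.privileges:
        return True                            # any group, any folder
    if FOLDER_ADMIN in actor.privileges:
        return group in actor.memberships()    # only groups the admin belongs to
    return False


def has_permission(user, folder, permission):
    # Both administrator roles have Read-Write access to every folder.
    if permission == "Read-Write" and user.privileges & {SEC_ADMIN, FOLDER_ADMIN}:
        return True
    # No deny entries exist, so one matching group grant is sufficient.
    return bool(folder.acl.get(permission, set()) & user.memberships())
```

Taken literally, the definitions mean a public folder administrator can always set permissions for Everyone, because membership in that group is implicit. That is worth checking when reviewing who holds delegated administration.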