Scenario 4: Customer access with a common folder

It is likely that a certain set of queries and charts will be appropriate for all customers that have access to the internal ClearQuest database. It would be convenient to have a common folder that all customers can access, while preserving the isolation of each customer (so they don’t know about any other customers). This folder would contain queries designed to return the list of active issues for the current customer.

Additional schema properties are necessary to achieve this, most likely record security provided by the Security Context feature of Rational® ClearQuest®.. It might be possible to achieve this with appropriate use of query filters on some field related to the current customer (which is readily derivable from the current user). It is important to understand that workspace folder permissions do not restrict the ability of a user to create personal queries and access any records which their queries may return. Only the Security Context feature of ClearQuest can restrict which records are returned from a query.

This scenario requires the following prerequisites

To achieve the goals of the scenario, the Security Administrator performs the following steps.

  1. Creates a folder for all customers to share, e.g. Common. This folder is created in a context that has Read-Limited permission for each customer group.
  2. Grants No-Access permission to Everyone on the Common folder. This establishes the baseline level of access such that an explicit grant of some other permission is necessary to access the folder.
  3. Grants Read-Only permission to each appropriate customer group on the Common folder. This makes the folder visible to those groups (because the enclosing folder has Read-Limited permission) and also exposes the folder content. •
  4. Optionally, grants Read-Only or Read-Write permission to appropriate internal groups on the Common folder.

Because No-Access has been granted to everyone, only those groups explicitly granted permission can see the content of the Common folder. Any user that has Read-Limited permission on the enclosing folder will not even see the folder unless some permission other than No-Access has been granted to the Common folder.



Feedback