Workspace folder permissions terminology

This topic defines terms useful in understanding the workspace folder permissions feature.
The terms used in the discussion of workspace folder permissions are based on terminology defined by the National Institute of Standards and Technology (NIST), and on standard Rational® ClearQuest® terminology.

Role-based Access Control Terms

protected object
An object that can have controlled access. The ability for a user to perform operations on the object is dependent upon the permission granted to the user or a group the user is a member of.
permission
The right to perform some operation on a protected object. Permissions can only be granted, not denied.
privilege
A property of a ClearQuest user that grants a predefined permission. One such privilege grants the permission to modify the Public Queries folder. A user either has a privilege or does not have a privilege (the “grant” terminology doesn’t apply).
Access Control List or ACL
A list of groups associated with a protected object and a specific permission.
RBAC
Acronym for Role-Based Access Control

ClearQuest-specific terms

[active] user
A ClearQuest user. A user can be a member of 1 to N groups. A user is always, and implicitly, a member of the predefined “Everyone” group.
group
A ClearQuest group.
workspace
The hierarchical organization of queries, charts, and reports, and their containing folders, that is a component of a ClearQuest user session.
Everyone
A predefined group, having every user as a member.
Public Queries
A top-level folder in the workspace, visible to all users by default.
Personal Queries
A top-level folder in the workspace that is visible only to the current user.
Security administrator
In a ClearQuest installation, the person who is able to set and change folder permissions on any and all public folders, whether or not he or she belongs to a group that has been given specific access to those folders. This term is used by the User Administration Tool to identify that person. A security administrator:
  • has Read-Write access to every folder
  • can modify the access permissions for any group on any folder.
  • can modify the Change-Permission access for any group on any folder.
The Security administrator privilege also controls the ability to create and maintain Security Context records.
Public folder administrator
In a ClearQuest installation, a person who is able to set and change folder permissions on any and all public folders, but can only set and change permissions for groups to which he or she belongs This term is used by the User Administration Tool to identify such a person. In a large installation, the security administrator is likely to delegate permission responsibility for certain groups to a trusted public folder administrator in that group. Public folder administrators:
  • have Read-Write access to every folder
  • can modify the access permissions for groups they are members of on any folder.
  • can modify the Change-Permissions access for groups they are members of on any folder.
effective permission
the level of access granted to a group, or exercised by a user, on the contents of a folder, whether inherited from a parent folder, or directly by an applied permission on the folder itself.


Feedback