Scenario 1: Limited access to public queries

The purpose of this scenario is to allow different groups to manage sections of the Public Queries folder without having to grant the Public Folder Administrator privilege to any users.

In this scenario, we presume the existence of diverse groups within an organization that all have access to a common ClearQuest database. Although they all have access to the data, each group has differing needs regarding what queries and charts they want to use. Each group wants to be able to create and share their own queries and charts, but groups also want to be protected from other groups changing those items. Groups also want to be able to see the items in the folders of other groups.

Primary scenario workflow

The Security Administrator performs the following steps.

  1. Defines ClearQuest groups that correspond to the organizational groups and assigns users accordingly.
  2. Defines workspace folders under the Public Queries workspace folder for each of the organizational groups.
  3. Grants Read-Write permission to each ClearQuest group on the corresponding workspace folder.

Members of each group can now use their group folder as a shared folder, with every member of the group being able to modify the contents of the group folder. All users have Read-Only access to all other group folders.

Alternate scenario #1: Limited cross-group visibility

In this scenario, a group needs a private folder that will contain things that no other group can see.

The Security Administrator performs the following additional steps.

  1. Creates a subfolder within the group folder, e.g. Private.
  2. Grants No-Access permission to the Everyone group on Private.
  3. Grants Read-Write permission to the owning group on Private.

Note that the Security Administrator or any member of the owning group can create the Private folder, but that only the Security Administrator can set the workspace folder permissions in this scenario.
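The primary workflow and alternate scenario #1 can be checked against their stated goals with a small model. This is an added example, not ClearQuest code or part of the original page. It assumes that a group with no entry on a folder inherits from the nearest ancestor folder, that a user's effective permission is the most permissive across the user's groups plus Everyone, and that Everyone holds Read-Only on Public Queries; the group, user and function names are hypothetical.

```python
# Added example: a model of the folder permissions above, not ClearQuest code.
# Assumed semantics (not stated on the page): a group with no entry on a folder
# inherits from the nearest ancestor; a user's effective permission is the
# most permissive one across the user's groups plus Everyone.
RANK = {"No-Access": 0, "Read-Only": 1, "Read-Write": 2}

# Constructed sample data: group/user names and the Read-Only grant to
# Everyone on Public Queries are assumptions for illustration.
MEMBERS = {"Dev": {"alice"}, "QA": {"bob"}}
ACL = {
    "Public Queries": {"Everyone": "Read-Only"},
    "Public Queries/Dev": {"Dev": "Read-Write"},
    "Public Queries/QA": {"QA": "Read-Write"},
    "Public Queries/Dev/Private": {"Everyone": "No-Access", "Dev": "Read-Write"},
}
POLICY = {  # folder -> (owning group, access intended for all other users)
    "Public Queries/Dev": ("Dev", "Read-Only"),
    "Public Queries/QA": ("QA", "Read-Only"),
    "Public Queries/Dev/Private": ("Dev", "No-Access"),
}

def group_permission(acl, folder, group):
    """Entry for `group` on `folder`, else inherited from the nearest ancestor."""
    while folder:
        entry = acl.get(folder, {}).get(group)
        if entry is not None:
            return entry
        folder = folder.rpartition("/")[0]  # move up one folder level
    return None

def effective(acl, members, user, folder):
    """Most permissive permission across Everyone and the user's groups."""
    groups = ["Everyone"] + [g for g, users in members.items() if user in users]
    found = [p for g in groups if (p := group_permission(acl, folder, g))]
    return max(found, key=RANK.__getitem__, default="No-Access")

def audit(acl, members, policy):
    """List (user, folder, actual, intended) wherever the ACL misses the policy."""
    problems = []
    for folder, (owner, others) in policy.items():
        for user in sorted(set().union(*members.values())):
            want = "Read-Write" if user in members[owner] else others
            got = effective(acl, members, user, folder)
            if got != want:
                problems.append((user, folder, got, want))
    return problems

if __name__ == "__main__":
    print(audit(ACL, MEMBERS, POLICY) or "no violations")
```

Under these assumptions, omitting step 2 (No-Access for Everyone on Private) leaves the Private folder readable by other groups through the inherited Read-Only entry, which the audit reports as a violation.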

Alternate scenario #2: Limited Public Queries Visibility

In this scenario, a group is only given access to a portion of the contents of the Public Queries folder. This may be desired to simplify user operation by reducing the scope of what a user can see, or to control access to sensitive data that should only have limited internal visibility.

This alternate scenario would be likely to incorporate the previous alternate flow to limit cross-group visibility. In addition, access to the content of non-group folders within the Public Queries folder would be restricted by the Security Administrator taking the following additional steps:

  1. Grants No-Access permission to Everyone on the appropriate non-group folders.
  2. Grants Read-Only permission to selected groups on the appropriate non-group folders.

This scenario would generally involve additional ClearQuest groups to manage visibility of the non-group folders, since the appropriate policies would generally cut across group boundaries. For example, all group managers may have Read-Write access to certain folders that non-managers do not.

Alternate scenario #3: Hiding existence of other group folders

In this case, the Security Administrator wants to hide the existence of other group folders within the Public Queries folder so that a user will only see the folders that correspond to the groups they are members of. This is done by using Read-Limited instead of Read-Only (relative to the primary flow).

The Security Administrator performs the following additional steps.

Because the group folders already have Read-Write for the corresponding groups, each member of those groups will only see their own group folders inside Public Queries.

Note: This step also removes the visibility of items contained directly in the Public Queries folder for all users.

