tags:

views:

139

answers:

1
+1  Q: 

Access Control for a Component: Rational ClearCase

Hello,

We have few components like

  • libraries

  • dlls

When initially created I ran the following command

cleartool> describe component:testcomponent@\res_pvob  
  component "testcomponent"  
  created 2010-03-11T12:07:47+05:30 by kadaba.CCUserGroup@user-b60d9d5638  
  owner: USER-B60D9D5638\kadaba  
  group: USER-B60D9D5638\CCUserGroup  
  Hyperlinks:  
cleartool: Warning: Unable to determine view for "component:testcomponent@\res_pvob".  
    ComponentRootDir -> <object not available>

I would like to restrict the component access to a few people only. I tried to use the protect command
I was able to change the owner and the group but when using -chmod it throws an error 

cleartool> protect -chmod 777 component:testcomponent@\res_pvob  
cleartool: Error: Cannot perform operation for activity:  "component:testcomponent@\res_pvob".
  1. How do I solve this error?
  2. I would also like to mention the other group, how do I do that?

Suppose I have this folder structure inside the component library say 

Apache  
Quartz

Since I access this through a view, is it possible to provide permissions for these folders.

I am hoping to get a clarity on how the access control can be defined.

Thanks in advance.

+1  A: 

First, when you do operation on an UCM component, it is best to do it in a view referencing said component:

cleartool: Warning: Unable to determine view for "component:testcomponent@\res_pvob".  
ComponentRootDir -> <object not available>

That means your current location is unable to see the VOB where the component is defined.
And that can explain your error message.

Second: true access restriction is not easily done with ClearCase, since it depends entirely on the OS.

One way we managed to do it is at the VOB level (not at the component level), by making a chmod 770 on the .vbs (vob storage) directly on the VOB server.

The article VOB and view access control can bring a more detailed explanation.

When a process requests access to VOB or view data, the process's credentials are evaluated by Rational ClearCase to determine whether the requested form of access is authorized. The following process credentials are important in making this determination:

  • User. The name of the user who starts the process.
  • Primary group. The primary group of the user who starts the process.
  • Supplemental group list. Other groups of which the user who starts the process is a member.

That means you need to:

  • restrict the list of groups associated with a VOB (protectvob)
  • restrict the list of groups a user is part of (OS-related management)
VonC  2010-03-11 12:55:31
I think I did the process in a wrong way then :(I created a pvob and then a component vob( The component vob references the pvob). I created the components and linked it to the component vob. Later I created the streams and chose the components to be made editable. Now I created a view and joined one of the development streams. I will mail you the specifics, have a look at it. I will send the screen shots so you can run through them. Thanks for your time and hope I have not done anything wrong so far
kadaba  2010-03-11 14:39:08
Hi Von, I have mailed you sorry for the late mail I was at the F1 last two days :). I have few doubts which I have put it in the mail, kindly have a look at it and suggest an appropriate strategy. Thank you very much.
kadaba  2010-03-14 06:55:12
"> While creating a new component, if I choose the import vob as component process would it be more helpful for the access control?It can help (since you can protect the vob storage directory at the system level), but be aware that once a VOB is declared as a component, you won't be able to declare any further components in that VOB. You will need another VOB to create one or more components. And a VOB is expensive in resources on the VOB server. If you have 150 components, creating 150 VOBs would be folly."-- I felt this will help anyone who comes across this.
kadaba  2010-03-15 07:22:47
Hi Von, I was able to assign the permissions through the dynamic views..
kadaba  2010-03-29 06:58:20
@kadaba: excellent! :) Could you describe in a separate answer the commands you did (without mentioning any explicit vob name in order to keep the information "anonymous")? And illustrate what kind of access control those commands allo<ed you to achieve?
VonC  2010-03-29 07:05:46

related questions

Activities In Rational ClearCase
Rational ClearCase + VOB Restore
Rational developer for power and ILE C compilers - Is ILE-C still supported?
RAD doesn't recognize changed MANIFEST.MF files (Rational Application Developer)
Rational Application Developer/WAS and AJAX inconsistency
How best to represent rational numbers in SQL Server?
WSDL - to Java (IBM Rational Application Developer) from BizTalk
UMLModeler.closeModel(modelObj) is not closing the EMX File in Editor RSA 6.0.1
Has anyone used Rational Team Concert (RTC)?
Rational Application Developer freezes when opening XML files
open type dialog is empty - RSA (Rational Software Architetc) for WebSphere 7.5.0 on Linux (Ubuntu 9.04)
Get ClearCase Snapshot Views via ClearCase Automation Library (CAL)?
WebSphere 6.1: can not start admin console after SSL-cert installation
Are there any alternatives to Rational Team Concert at the moment?
Runnig rational performance tester on a schedule
How to get the text from DataGrid with Rational Robot?
Getting View Owner/Creator with Rational ClearCase Automation Library (CAL)
Rational Purify - when tried to Run a program from Purify; error displayed as "Failed to delay loadlibrary mscorlibl.dll"
Problems occurred when invoking code from plug-in: "org.eclipse.jface" when using Checkstyle Plugin
How to install UML2Tools in Rational Business Developer
Best way to represent a fraction in Java?
Rational Functional Tester wait for object existence
Regression Testing with Rational Robot
Rational Purify failng to jump to memory leaks.