Sunday, October 31, 2010

Re: VOB access control

>> * As far as I understood, Clearcase access control is based on windows access control (right click on a vob folder, security and share...)

Yes and no. Windows access control is only part of the picture. Windows access control is what gets you to the containers in the pools, and what limits your ability to mount a VOB. Beyond that, you're looking strictly at ClearCase permissions, which are more unix-like.

>> * When I add a group through cleartool to the vob, I don't see any change in the windows security window.

Generally speaking, this is normal behavior. You may see the Windows permissions on the pool directories change, but not on the .vbs itself. cleartool protect -add_group adds a group to the list of groups that can create or "own" elements within the VOB. That's essentially ALL it does. It does not control a user's ability to access elements in that VOB. The element permissions do that.

>> * When I 'cleartool describe' a vob folder, I only get "User : UNKNOWN and Group: UNKNOWN" information

This shouldn't happen unless the user who owns that element can't be looked up from the host you're on. Are you using a non-domain system as the test system?

>> * The only achievements to which I got today were by changing directly the accesses to the ".vbs" folders either for the PVOB or the VOB, without passing by cleartool.

Don't do this. You run a better than 90% chance of BREAKING the VOB storage directory permissions. You will become very familiar with the "fix_prot" utility if you persist in doing this.

If this is an all-Windows environment, and you want only authorized users to be able to mount VOBs (if users can't mount the VOB, they can't access the contents), try setting up multiple project-specific shares on your VOB server. You then grant ONLY the "ClearCase Server process Group" and the group of users access through that share using SHARE PERMISSIONS ONLY. You may have users who try to get around this using snapshot views, but while they may be able to see the NAMES of the files in the directories, they won't be able to load any of those files into their views. If you want to limit that, you would have to work with element permissions. The biggest problem here is that you can only work with 16 or 32 groups, depending on the VOB storage platform, and this limits the number of options you have there.

=================================================================
Brian Cowan
Advisory Software Engineer
ClearCase SoftWare Advisory Team (SWAT)
Rational Software
IBM Software Group
550 King St
Littleton, MA 01460

Phone: 1.978.899.9471
Web: http://www.ibm.com/software/rational/support/

