Access control for VOBs
Access control for a VOB is specified for the VOB owner, members
of the VOB's primary group, and members of an optional supplemental group
list.
These VOB properties are important for access control:
- Owner. The initial owner is the user of the process that creates the VOB.
- Group. The initial group is the primary group of the process that creates the VOB.
- Supplemental group list. The initial supplemental group list is empty for a VOB created on Windows. On Linux and the UNIX system, it contains the group list of the VOB owner.
You can use the cleartool describe command to display the owner, group, and supplemental group list for a VOB.
A privileged user logged on to the VOB server host can use the cleartool mkvob or mkvob command to create a VOB or replica that does not allow privileged access
by remote users. After a VOB is created, a privileged user can use the cleartool protectvob command
to change the VOB’s owner, group, or supplemental group list, and its
protection against privileged access by remote users (which can be added or
removed). For more information, see Preventing privileged VOB access by remote users.
Note: You
cannot use protectvob to add the DevOps Code ClearCase administrators
group to a VOB’s supplemental group list. Members of this group already have
full access rights to all VOB objects.
Permission to create VOBs
Any user can create a VOB.
Permission to delete VOBs
Only the VOB owner or a privileged user can delete a VOB.
Permission to read VOBs
You cannot read a VOB directly. Read operations on a VOB are read operations on objects within the VOB. See Access control for elements and Access control for other VOB objects.
Permission to write VOBs
You cannot write a VOB directly. Write operations on a VOB include creating and deleting objects within the VOB. See Access control for elements and Access control for other VOB objects.
Permission to execute VOBs
You cannot execute a VOB directly. Execute operations on a VOB are execute operations on objects within the VOB. See Access control for elements and Access control for other VOB objects.