3/19/2015 Access control for viewprivate files in dynamic views
http://www01.ibm.com/support/knowledgecenter/api/content/nl/enus/SSSH27_7.1.1/com.ibm.rational.clearcase.cc_admin.doc/topics/r_access_view_priv… 1/3
Access control for viewprivate files in dynamicviewsAny file created in a dynamic view is subject to Rational® ClearCase® access control,whether or not it is ever added to source control.
In a dynamic view, the initial owner, group, and protection mode for a viewprivate fileare determined differently on Linux® and on the UNIX® system than they are onWindows®.
Initial owner, group, and protection mode on Linux andthe UNIX systemOn Linux and the UNIX system, the initial owner, group, and protection mode for a viewprivate file are determined by the following rules:
Owner. The initial owner is the user of the process that creates the file ordirectory.Group. The initial group is the primary group of the process that creates the file ordirectory.Protection mode. The initial protection mode for a viewprivate file depends onthe umask of the user who creates the file or directory. A umask is a settingsupported on Linux and the UNIX system that specifies that some permissions arenot granted when the user creates a file. (For details, see the umask referencepage on Linux or the UNIX system.) When a user creates a viewprivate file ordirectory, Rational ClearCase begins with a set of permissions that depend on howthe file or directory is created. The permissions specified by the user’s umask arethen removed by Rational ClearCase. For example, if the user’s umask is 002, writepermission for others is removed by Rational ClearCase.
You can use the cleartool describe command or the Linux and UNIX systembased lscommand to display the owner, group, and protection mode for a viewprivate fileor directory. You can use the Linux and UNIX systembased chown command tochange the owner, the chgrp command to change the group, and the Linux andUNIX systembased chmod command to change the protection mode.
Initial owner, Group, and protection mode on WindowsOn Windows, the initial owner, group, and protection mode for a viewprivate file aredetermined by the following rules:
Owner. The initial owner is the user of the process that creates the file ordirectory.Group. The initial group is assigned in one of two ways based on the group of theprocess that creates the file or directory:
If the process’s primary group is the same as the VOB’s group, that group isassigned.Otherwise, the process’s group list is compared with the VOB’s supplementarygroup list and the first group that appears on both lists is assigned.
Protection mode. A viewprivate file or directory initially has read, write, andexecute permission for all users.
You can use the cleartool describe command or the Properties of File orProperties of Directory window in Rational ClearCase Explorer or WindowsExplorer to display the owner, group, and protection mode for a viewprivate file ordirectory.
You cannot change the owner or group of a viewprivate file or directory. You can
3/19/2015 Access control for viewprivate files in dynamic views
http://www01.ibm.com/support/knowledgecenter/api/content/nl/enus/SSSH27_7.1.1/com.ibm.rational.clearcase.cc_admin.doc/topics/r_access_view_priv… 2/3
use the Readonly check box in Windows Explorer Properties window or the attrib+R (equivalent to mode 777) and attrib –R (equivalent to mode 555) commands tospecify whether all users have write permission. You cannot change any otherpermissions.
Permission to create viewprivate filesA process must have write permission for both the view and a containing directory in theview to create a file or directory in the containing directory. For view permissions, seePermission to write views.
If the containing directory is an element version, the process must have write permissionfor the element. See Permission to write elements. If the containing directory is a viewprivate directory, the process must have write permission for the viewprivate directory.See Permission to write viewprivate files.
Permission to delete viewprivate filesA process must have write permission for both the view and a containing directory in theview to delete a file or directory in the containing directory. For view permissions, seePermission to write views.
If the containing directory is an element version, the process must have write permissionfor the element. See Permission to write elements. If the containing directory is a viewprivate directory, the process must have write permission for the viewprivate directory.See Permission to write viewprivate files.
Permission to read viewprivate filesA process must have read permission for both the view and a viewprivate file ordirectory in the view to read the file or directory. For view permissions, see Permission towrite views.
The algorithm used by Rational ClearCase considers the process’s user and group and theviewprivate file or directory’s owner, group, and protection mode to determine whether togrant read permission for the file or directory. See Access algorithm for VOB and viewdata.
Permission to write viewprivate filesA process must have write permission for both the view and a viewprivate file ordirectory in the view to write the file or directory. For view permissions, see Permission towrite views.
The algorithm used by Rational ClearCase considers the process’s user and group and theviewprivate file or directory’s owner, group, and protection mode to determine whether togrant write permission for the file or directory. See Access algorithm for VOB and viewdata.
Permission to execute viewprivate filesA process must have execute permission for both the view and a viewprivate file ordirectory in the view to execute the file or directory. For view permissions, see Permissionto write views.
The algorithm used by Rational ClearCase considers the process’s user and group and theviewprivate file or directory’s owner, group, and protection mode to determine whether togrant execute permission for the file or directory. See Access algorithm for VOB and view
3/19/2015 Access control for viewprivate files in dynamic views
http://www01.ibm.com/support/knowledgecenter/api/content/nl/enus/SSSH27_7.1.1/com.ibm.rational.clearcase.cc_admin.doc/topics/r_access_view_priv… 3/3
data.
Parent topic: Access control for views and objects they contain