Topic
  • 1 reply
  • Latest Post - ‏2014-08-21T21:01:14Z by brcowan
VETRI
VETRI
64 Posts

Pinned topic ACLs - DefaultPolicy has rmelem permission for Everyone ?

‏2014-08-21T12:30:37Z |

Hi

When enabling ACLs for Clearcase 8.0.1.3 VOB ,  the DefaultPolicy has rmelem access for Everyone at  VOB level.

Why rmelem for Everyone ?

M:\AVETRIV2_view4\ROLEMAP123>cleartool desc policy:DefaultPolicy
policy "DefaultPolicy"
  created 2014-08-21T14:47:45+05:30 by Vetrivel (AVETRIV2.7524-LEAD-RW@WGC10013W68BS)
  "Predefined object to represent default policy."
  protected by rolemap: "DefaultRolemap"
  effective access for user "AVETRIV2": Full
  owner: FORDAP1\AVETRIV2
  group: FORDAP1\7524-LEAD-RW
  contents:
    vob ACL:
      Everyone: rmelem,Read
      User:FORDAP1\AVETRIV2 Full
      Owner-User: Full
      Owner-Group: Change
    element ACL:
      Owner-User: Full
      Everyone: Read
      User:FORDAP1\AVETRIV2 Full
      Owner-Group: Change
    policy ACL:
      Owner-User: Full
      Everyone: Read
      User:FORDAP1\AVETRIV2 Full
      Owner-Group: Read
    rolemap ACL:
      Owner-User: Full
      Everyone: Read
      User:FORDAP1\AVETRIV2 Full
      Owner-Group: Read
 

Regards

VETRI

 

Updated on 2014-08-21T15:50:04Z at 2014-08-21T15:50:04Z by VETRI
  • brcowan
    brcowan
    741 Posts
    ACCEPTED ANSWER

    Re: ACLs - DefaultPolicy has rmelem permission for Everyone ?

    ‏2014-08-21T21:01:14Z  

    The objective is that -- when you INITIALLY enable ACL's -- "nothing" changes. users can still access what they could access before. You then tighten this down using ACL's.

    ACLs are in addition to standard ClearCase permissions, so you still have to be a user who is either the owner of the element or CC admin to remove it.

    Later on, you an create ACL's that further restrict this capability.

  • brcowan
    brcowan
    741 Posts

    Re: ACLs - DefaultPolicy has rmelem permission for Everyone ?

    ‏2014-08-21T21:01:14Z  

    The objective is that -- when you INITIALLY enable ACL's -- "nothing" changes. users can still access what they could access before. You then tighten this down using ACL's.

    ACLs are in addition to standard ClearCase permissions, so you still have to be a user who is either the owner of the element or CC admin to remove it.

    Later on, you an create ACL's that further restrict this capability.