Protected objects and protection modes

Every kind of protected object has one or more protection modes.

The following DevOps Code ClearCase® objects are subject to access control:
  • VOBs
  • Elements and versions
  • Types and instances of types, such as labels, branches, and attributes
  • Unified Change Management objects, such as projects, activities, and streams
  • VOB storage pools
  • Views
  • In dynamic views, view-private files, view-private directories, and derived objects
Each object has one or more of these properties, which are important for access control:
  • Owner. The owner is a user. The initial owner is the user identity of the process that creates the object. For some objects, the initial owner can be changed.
  • Group. The initial group is the primary group of the process that creates the object. For some objects, the initial group can be changed.
  • Protection mode. Some objects also have a protection mode, which consists of three sets of permissions, one for each of these user categories:
    • The object owner
    • Any member of the object’s group
    • All other users

Each set of permissions consists of three Boolean values for a user in its category. Each value determines whether the user has one of these permissions to act on the object:

  • Read permission, or permission to view the object’s data.
  • Write permission, or permission to modify the object’s data. For an object that contains other objects, such as a VOB or a directory, write permission generally means permission to create or delete objects within the containing object.
  • Execute permission. For a file object, execute permission is permission to run the file as an executable program. For a directory object, execute permission is permission to search the directory.