Users and groups
A user's name and group memberships are the principal credentials evaluated by DevOps Code ClearCase® when access is requested.
The identity with which a user logs on to the operating system of a
DevOps Code ClearCase host establishes that user’s
credentials. Because these credentials are evaluated whenever and wherever a user requests access to
an object under DevOps Code ClearCase control,
operating system definitions for user names, group names, and each user’s group memberships must be
consistent on every DevOps Code ClearCase host. This
consistency is usually achieved by means of an account database such as a Windows® domain or the Network
Information System (NIS) supported on Linux and the UNIX system.
Note: In environments where users
access a common set of VOBs and views from hosts running different supported operating systems, this
consistency must extend to both platform types (user and group names as well as each user’s group
memberships must be the same on Linux and the UNIX system as they are on Windows). For more
information, see Common user and group names.
User process credentials
When a process requests
access to VOB or view data, the process’s credentials are evaluated by DevOps Code ClearCase to determine
whether the requested form of access is authorized. The following process
credentials are important in making this determination:
- User. The name of the user who starts the process.
- Primary group. The primary group of the user who starts the process.
- Supplemental group list. Other groups of which the user who starts the process is a member.
Note: When a user logs on to a Windows host where the MVFS is installed, the user’s credentials are
cached. The Credentials Manager service periodically checks the credential cache and deletes the
credentials of users who have logged off since the last credentials check.
Limitations when a user belongs to more than 32 groups
If a user is a member of more than 32 groups, only the first 32 groups (in numerical order by GID on Linux and on the UNIX system, or SID on Windows) are recognized by DevOps Code ClearCase. If the user environment variable CLEARCASE_GROUPS exists for any user, the semicolon-separated list of group names specified in the value of this variable first are considered when determining the list of groups to which the user belongs.