Access control for view-private files in dynamic views
Any file created in a dynamic view is subject to DevOps Code ClearCase® access control, whether or not it is ever added to source control.
In a dynamic view, the initial owner, group, and protection mode for a view-private file are determined differently on Linux and on the UNIX system than they are on Windows®.
Initial owner, group, and protection mode on Linux and the UNIX system
- Owner. The initial owner is the user of the process that creates the file or directory.
- Group. The initial group is the primary group of the process that creates the file or directory.
- Protection mode. The initial protection mode for a view-private file depends on the umask of the user who creates the file or directory. A umask is a setting supported on Linux and the UNIX system that specifies that some permissions are not granted when the user creates a file. (For details, see the umask reference page on Linux or the UNIX system.) When a user creates a view-private file or directory, DevOps Code ClearCase begins with a set of permissions that depend on how the file or directory is created. The permissions specified by the user’s umask are then removed by DevOps Code ClearCase. For example, if the user’s umask is 002, write permission for others is removed by DevOps Code ClearCase.
You can use the cleartool describe command or the Linux and UNIX system-based ls command to display the owner, group, and protection mode for a view-private file or directory. You can use the Linux and UNIX system-based chown command to change the owner, the chgrp command to change the group, and the Linux and UNIX system-based chmod command to change the protection mode.
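The umask rule above, worked through as an added example (not part of the product documentation): the script computes the mode left after the umask bits are removed, creates a file and a directory under several umasks to confirm it, and lists entries that others can write. It assumes an ordinary file system in a temporary directory rather than a dynamic view, and the base modes 666 and 777 are what shell redirection and mkdir request; the function names are illustrative.

```shell
#!/bin/sh
# Added example: runs in a temporary directory on an ordinary file system,
# not in a ClearCase view. Function names are illustrative.

# expected_mode BASE UMASK -> BASE with the umask bits removed (3 octal digits)
expected_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# actual_mode PATH -> permission bits of PATH (GNU stat first, then BSD stat)
actual_mode() {
    m=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    printf '%03o\n' $(( 0$m & 0777 ))
}

# create_under_umask UMASK file|dir DIR -> mode of a new entry created in DIR.
# The subshell keeps the caller's own umask unchanged.
create_under_umask() {
    (
        umask "$1"
        cd "$3" || exit 1
        case "$2" in
            file) : > "probe.$1" && actual_mode "probe.$1" ;;          # base 666
            dir)  mkdir "probe.$1.d" && actual_mode "probe.$1.d" ;;    # base 777
            *)    exit 1 ;;
        esac
    )
}

# world_writable DIR -> entries under DIR that grant write permission to others
world_writable() {
    find "$1" ! -type l -perm -002
}

demo() {
    tmp=$(mktemp -d) || return 1
    for u in 002 022 077; do
        printf 'umask %s: file %s (expected %s), dir %s (expected %s)\n' "$u" \
            "$(create_under_umask "$u" file "$tmp")" "$(expected_mode 666 "$u")" \
            "$(create_under_umask "$u" dir "$tmp")" "$(expected_mode 777 "$u")"
    done
    rm -rf "$tmp"
}
demo
```

Pointing world_writable at a directory of view-private files gives the list of entries to tighten with chmod.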
Initial owner, group, and protection mode on Windows
- Owner. The initial owner is the user of the process that creates the file or directory.
- Group. The initial group is assigned in one of two ways based on the group of the process that creates the file or directory:
  - If the process’s primary group is the same as the VOB’s group, that group is assigned.
  - Otherwise, the process’s group list is compared with the VOB’s supplementary group list and the first group that appears on both lists is assigned.
- Protection mode. A view-private file or directory initially has read, write, and execute permission for all users.
You can use the cleartool describe command or the Properties of File or Properties of Directory window in DevOps ClearCase Explorer or Windows Explorer to display the owner, group, and protection mode for a view-private file or directory.
You cannot change the owner or group of a view-private file or directory. You can use the Read-only check box in the Windows Explorer Properties window or the attrib +R (equivalent to mode 777) and attrib -R (equivalent to mode 555) commands to specify whether all users have write permission. You cannot change any other permissions.
Permission to create view-private files
A process must have write permission for both the view and a containing directory in the view to create a file or directory in the containing directory. For view permissions, see Permission to write views.
If the containing directory is an element version, the process must have write permission for the element. See Permission to write elements. If the containing directory is a view-private directory, the process must have write permission for the view-private directory. See Permission to write view-private files.
Permission to delete view-private files
A process must have write permission for both the view and a containing directory in the view to delete a file or directory in the containing directory. For view permissions, see Permission to write views.
If the containing directory is an element version, the process must have write permission for the element. See Permission to write elements. If the containing directory is a view-private directory, the process must have write permission for the view-private directory. See Permission to write view-private files.
Permission to read view-private files
A process must have read permission for both the view and a view-private file or directory in the view to read the file or directory. For view permissions, see Permission to write views.
The algorithm used by DevOps Code ClearCase considers the process’s user and group and the view-private file or directory’s owner, group, and protection mode to determine whether to grant read permission for the file or directory. See Access algorithm for VOB and view data.
Permission to write view-private files
A process must have write permission for both the view and a view-private file or directory in the view to write the file or directory. For view permissions, see Permission to write views.
The algorithm used by DevOps Code ClearCase considers the process’s user and group and the view-private file or directory’s owner, group, and protection mode to determine whether to grant write permission for the file or directory. See Access algorithm for VOB and view data.
Permission to execute view-private files
A process must have execute permission for both the view and a view-private file or directory in the view to execute the file or directory. For view permissions, see Permission to write views.
The algorithm used by DevOps Code ClearCase considers the process’s user and group and the view-private file or directory’s owner, group, and protection mode to determine whether to grant execute permission for the file or directory. See Access algorithm for VOB and view data.