Access control for VOBs

Access control for a VOB is specified for the VOB owner, members of the VOB's primary group, and members of an optional supplemental group list.

These VOB properties are important for access control:
  • Owner. The initial owner is the user of the process that creates the VOB.
  • Group. The initial group is the primary group of the process that creates the VOB.
  • Supplemental group list. The initial supplemental group list is empty for a VOB created on Windows®. On Linux and the UNIX system, it contains the group list of the VOB owner.

You can use the cleartool describe command to display the owner, group, and supplemental group list for a VOB.

A privileged user logged on to the VOB server host can use the cleartool mkvob or mkvob command to create a VOB or replica that does not allow privileged access by remote users. After a VOB is created, a privileged user can use the cleartool protectvob command to change the VOB’s owner, group, or supplemental group list, and its protection against privileged access by remote users (which can be added or removed). For more information, see Preventing privileged VOB access by remote users.
Note: You cannot use protectvob to add the DevOps Code ClearCase administrators group to a VOB’s supplemental group list. Members of this group already have full access rights to all VOB objects.

Permission to create VOBs

Any user can create a VOB.

Permission to delete VOBs

Only the VOB owner or a privileged user can delete a VOB.

Permission to read VOBs

You cannot read a VOB directly. Read operations on a VOB are read operations on objects within the VOB. See Access control for elements and Access control for other VOB objects.

Permission to write VOBs

You cannot write a VOB directly. Write operations on a VOB include creating and deleting objects within the VOB. See Access control for elements and Access control for other VOB objects.

Permission to execute VOBs

You cannot execute a VOB directly. Execute operations on a VOB are execute operations on objects within the VOB. See Access control for elements and Access control for other VOB objects.