Managing the scheduler access control list
The schedule command uses a single access control list (ACL) that determines who is allowed access to the scheduler’s task and job registries and to the scheduler ACL itself.
About this task
Access type | Access to schedule | Access to ACL |
---|---|---|
Read | Read only | Read only |
Change | Read and write; can start jobs | Read only |
Full | Read and write; can start jobs | Read and write |
Although each identity can have only one access type, access rights are inherited from Everyone to Domain to Group to User in such a way that each user has the least restrictive of all these access rights that apply to that user. For example, if a user’s ACL entry specifies Read access but the ACL entry for the user’s group specifies Change access, the user has Change access.
By default, everyone has Read access. When logged on locally, the privileged user always has Full access. On a remote host, access rights for all users (even privileged users) are determined by the scheduler ACL. Thus, to change the default ACL, you must be logged on to the host where the scheduler is running, and you must be a privileged user.
Procedure
- To use the DevOps Code ClearCase Administration Console, navigate to the Scheduled Jobs node for the host on which you want to view or edit the scheduler’s ACL and click to open a window in which you can view or edit the scheduler’s ACL.
- To use the cleartool schedule command, type this
command to view the ACL:
cleartool schedule –get –acl
To edit the ACL, use this command:cleartool schedule –edit –acl
You can also create a text file that contains ACL entries in the scheduler’s ACL-definition syntax, and then use the following command to replace the entire ACL with the ACL in the file (acldef.txt in this example):cleartool schedule –set –acl acldef.txt