A user's name and group memberships are the principal credentials
evaluated by HCL
VersionVault when
access is requested.
The identity with which a user logs on to the operating system of a
n
HCL
VersionVault host establishes that user’s
credentials. Because these credentials are evaluated whenever and wherever a user requests access to
an object under
HCL
VersionVault control,
operating system definitions for user names, group names, and each user’s group memberships must be
consistent on every
HCL
VersionVault host. This
consistency is usually achieved by means of an account database such as a
Windows® domain or the Network
Information System (NIS) supported on Linux and the UNIX system.
Note: In environments where users
access a common set of VOBs and views from hosts running different supported operating systems, this
consistency must extend to both platform types (user and group names as well as each user’s group
memberships must be the same on Linux and the UNIX system as they are on
Windows®). For more
information, see
Common user and group names.
User process credentials
When a process requests
access to VOB or view data, the process’s credentials are evaluated by
HCL
VersionVault to determine
whether the requested form of access is authorized. The following process
credentials are important in making this determination:
- User. The name of the user who starts the process.
- Primary group. The primary group of the user who starts the process.
- Supplemental group list. Other groups of which the user who starts
the process is a member.
Note: When a user logs on to a Windows® host where the MVFS is installed, the user’s credentials are
cached. The Credentials Manager service periodically checks the credential cache and deletes the
credentials of users who have logged off since the last credentials check.
Limitations when a user belongs to more than 32 groups
If a user is a member of more than 32 groups, only the first 32 groups (in numerical order by GID
on Linux and on the UNIX system, or SID on Windows®) are recognized by HCL
VersionVault. If the user environment variable CLEARCASE_GROUPS exists for any user, the
semicolon-separated list of group names specified in the value of this variable first are considered
when determining the list of groups to which the user belongs.