chpolicy
Changes the definition of a policy
Applicability
Product |
Command type |
---|---|
VersionVault |
cleartool subcommand |
Platform |
---|
UNIX® |
Linux® |
Windows® |
Synopsis
- chpolicy { –kind object-kind[,...]
- { –add principal-name[,...] –permission perm[,...]
|
–remove principal-name[,...] [ –permission perm[,...]] |
–modify principal-name[,...] –permission perm[,...] }
[ –c comment | –cfile pname | –cq | –cqe | –nc ] } |
{ –validate_pools }
policy-selector ...
Description
The chpolicy command changes the definition of a policy. It may change the effective ACL of the rolemaps that implement the policy. This command updates file system ACLs on elements and their version containers for elements that are protected by such rolemaps.
Restrictions
Authorization
- read-info on VOB object
- read-name on the policy
- read-info on policy
- mod-props on policy
Locks
An error occurs if one or more of these objects are locked: VOB, policy.
Mastership
(Replicated VOBs only) The replica must master the policy to modify its contents (adding or removing roles, modifying permissions assigned to roles).
Options and arguments
Modifying the policy
- –kind object-kind
- The object that is to be subject to a change of permissions. Valid object-kinds are vob, element, policy, and rolemap. If more than one object kind is specified, then the values specified by –permission must be valid for all of those object kinds.
- –add principal-name[,…] –permission perm[,…]
- Adds a principal with the specified permission to the specified policy.
- –remove principal-name[,…] –permission perm[,…]
- Removes a principal from the policy. If the –permission option is specified, this command removes only the permissions that are specified by the values of perm[,…]. If more than one principal is specified, the permission that is being removed must be in effect for all principals in the policy; otherwise, the operation fails.
- –modify principal-name[,…] -permission perm[,…]
- Modifies a principal. The specified permissions replace the current permissions for the specified principal(s).
- policy-selector
- The policy that is to be modified.
Reprotecting storage containers
- –validate_pools
- Reprotects storage containers for elements when they are protected by a rolemap that implements the specified policy. You can use this option to fix container protections if an earlier chpolicy operation was interrupted.
Event records and comments
- Default
- Creates one or more event records, with commenting controlled by your .versionvault_profile file (default: –cqe). See the comments reference page. Comments can be edited with chevent.
- –c/omment comment | –cfi/le comment-file-pname |–cq/uery | –cqe/ach | –nc/omment
- Overrides the default with the option you specify. See the comments reference page.
Examples
The UNIX system and Linux examples in this section are written for use in csh. If you use another shell, you may need to use different quoting and escaping conventions.
The Windows examples that include wildcards or quoting are written for use in cleartool interactive mode. If you use cleartool single-command mode, you may need to change the wildcards and quoting to make your command interpreter process the command appropriately.
In cleartool single-command mode, cmd-context represents the UNIX system and Linux shells or Windows command interpreter prompt, followed by the cleartool command. In cleartool interactive mode, cmd-context represents the interactive cleartool prompt.
- Change the definition of VOBAdminPolicy
to permit all users and groups in the VOBAdmins role to create policies
in the VOB.
cmd-context cleartool chpolicy -kind vob -add Role:VOBAdmins -permission Full VOBAdminPolicy