Access control for other VOB objects
Access to VOB objects other than elements is primarily determined by the object's owner and group.
- Metadata types, such as label types, branch types, and attribute types
- Unified Change Management objects, such as projects, activities, and streams
- Storage pools
- Derived objects
- Owner. The initial owner is the user of the process that creates the object.
- Group. The initial group is the primary group of the process that creates the object.
You can use the cleartool describe command to display the owner and group of an object. After the object is created, the object’s owner, the VOB owner, or a privileged user can use the cleartool protect command to change the object’s owner or group. The group of the object must be one of the VOB’s groups.
Permission to create other VOB objects
Any user can create a type or a UCM object. Only the VOB owner or a privileged user can create a storage pool.
- The process has the user identity of the element’s owner.
- Any of the process’s group identities is the same as the element’s group.
- The process has the user identity of the VOB owner.
- The process has the user identity of a privileged user.
Permission to delete other VOB objects
The owner of the object, the owner of the VOB, or a privileged user can delete a type, a UCM object, or a storage pool.
Instances of types, such as labels, branches, and attributes, are usually associated with element versions. In general, if you can create an instance of a type, you can also delete the instance. See Permission to create other VOB objects. In addition, the creator of a branch instance can delete that instance.
Permission to read other VOB objects
Any user can display information about a type, a UCM object, or a storage pool.
Permission to write other VOB objects
Any user can change a UCM object. The owner of the object, the owner of the VOB, or a privileged user can change a type or a storage pool.