Access control for views and objects they contain
Views enable user access to VOB data. As with VOBs and objects within VOBs, views participate in access control. In a dynamic view, permissions on elements and versions interact with permissions on views and view-private files or directories to control access to both VOB and view data.
For example, you must check out a version of an element before you can modify the element. The element must grant permission to check out a version. In a dynamic view, checking out a version creates a view-private file. You must have permission to create the view-private file in both the view and the directory that contains the file. The containing directory can be either an element version or a view-private directory.
In general,
access to HCL
VersionVault data
in a dynamic view requires a process to pass a series of tests:
- It must have access to the view.
- It must have access to the containing directory.
- It must have access to the element.
In a snapshot view, file-system permissions on the snapshot view directory establish access
rights to files and directories in the snapshot view, including copies of element versions.
Creating, deleting, or modifying elements in a snapshot view requires the process to have the
appropriate permissions for those elements.
Note: On hosts running Linux or the UNIX system, view
access requests from a remote root user are treated as requests from the user
nobody.nobody. See Restricted view access privileges for remote root for details.