Setting up access controls
Based on decisions made by administrators and project managers, the MultiSite administrators at each site configure access control for their site.
About this task
The
administrators and project managers at the Boston, San Francisco, and Tokyo
sites make the following decisions:
- Writers are allowed to request mastership of all branches in /vobs/doc, except for the branches v3.0.doc@@/main , schedule.doc@@/main, and roadmap.doc@@/main .
- Writers are not allowed to request mastership of any branches of type boston_main, tokyo_main, or sanfran_main in /vobs/html.
- Tool developers are allowed to request mastership of all branches of type main in /vobs/html.
Each administrator completes the following steps on the replica’s
VOB server host. (This example takes place at the Boston site.)
- Add writers at other sites to the ACL for /vobs/doc.
- Place the following lines in the file /tmp/doc_acl:
# Replica boston_hub@/vobs/doc # Request for Mastership ACL: User:boston.purpledoc.com/msadm Full User:tokyo.purpledoc.com/masako Change User:tokyo.purpledoc.com/sato Change User:tokyo.purpledoc.com/ito Change User:sf.purpledoc/jcole Change User:sf.purpledoc/marni Change User:sf.purpledoc/david Change - Use the file to set the replica’s ACL:
multitool reqmaster –acl –set /tmp/doc_acl vob:/vobs/doc
- Place the following lines in the file /tmp/doc_acl:
- Add tool developers at other sites to the ACL for /vobs/html.
- Place the following lines in the file /tmp/html_acl:
# Replica boston_hub@/vobs/html # Request for Mastership ACL: User:boston.purpledoc.com/ccadmin Full User:tokyo.purpledoc.com/masako Change User:sf.purpledoc/david Change - Use the file to set the replica’s ACL:
multitool reqmaster –acl –set /tmp/html_acl vob:/vobs/htmlNote: After you set the ACL, you can delete the temporary ACL files you created.
- Place the following lines in the file /tmp/html_acl:
- Deny mastership requests for specific branches and branch types:
multitool reqmaster –deny /vobs/doc/plans/v3.0.doc@@/main /vobs/doc/plans/schedule.doc@@/main /vobs/doc/plans/roadmap.doc@@/mainmultitool reqmaster –deny –instances brtype:boston_main@/vobs/htmlmultitool reqmaster –deny brtype:boston_main@/vobs/html - Enable requests for mastership at the replica level.
multitool reqmaster –enable vob:/vobs/doc vob:/vobs/html