Create policy view
Use this VersionVault Explorer view to create a new policy.
Controls in the dialog box
The following controls appear in the dialog box:
Control name | Control description |
---|---|
Policy Name | Enter a name for the new policy in the text box. |
Save | Click to save your changes when you are finished. |
Initialize from an existing policy | Click to invoke the Policy Browser where you can select an existing policy to use for initializing the new policy. |
Principals | In a policy, you specify one or more principals.
The following kinds of principals are supported: User, Group, Role
(granted permission in a policy, mapped to other principal kinds in
a rolemap), Everyone, Owner-user, Owner-group. For users and groups,
we allow identities from the VOB server's domain only: you cannot
specify a user or group from another domain. Group principals can
be any group defined by the operating system of the VOB server; they
are not limited to VOB's primary and supplementary groups. The Owner-User
and Owner-Group principal kinds are interpreted relative to the controlled
object. For example, if the effective ACL from the rolemap attached
to an element grants Owner-Group some permission, then accounts with
membership in the element's group are granted that permission. Note: You
can also rename a principal, copy a principal, or remove a principal
by right-clicking on the principal name and selecting an option from
the context menu. |
Rolemaps implementing this policy | Click to invoke the Show Rolemaps dialog box which you can use to view or open rolemaps that implement the currently selected policy. |
Add Principal | Click to add a new principal. After clicking this option, select a principal kind from the option list in the Principal box. These options include: User, Group, Everyone, Owner-User, Owner-Group, and Role. If you select the User or Group option, enter a name for the new User or Group in the adjacent text box and click this option again. After adding a principal, specify permissions for the new principal. |
Permissions | When the Edit permissions for selected principal(s) option is selected, this section contains the possible permissions for the currently selected principal. You can specify permissions for the available resource types such as: VOB, Element, Policy, and Rolemap. You can grant a principal generic permissions or individual permissions or a combination of both. The generic permissions include Read, Change, and Full. You can think of these as levels of permission, with Change incorporating all of Read and adding in additional permitted operations, and Full enabling yet more operations. The individual permissions are listed below. When the Show a summary of permissions by resource type option is selected, this section contains a listing of the currently specified permissions for selected principal according to resource types. |
AclRead | Permission to read the dbid of the object's rolemap. |
read-name | Permission to read name of an object. |
read-info | Permission to read properties of an object. |
mod-props | Permission to modify properties of an object (owner, group, fstat permission, event record, and so on.) |
mod-hlink | Permission to change a hyperlink object. |
mod-attr | Permission to change an object’s attributes. |
chmaster | Permission to change mastership of the object. |
mkrolemap | Permission to create a rolemap. |
rmelem | Permission to remove a VersionVault source control element and its version history. |
lock | Permission to lock an object. |
Delete | Permission to remove an object. |
mkpolicy | Permission to create a policy. |
AclWrite | Permission to reprotect the object with a new rolemap. |
Edit permissions for selected principals | Select this option to view or modify the specified permissions for the currently selected principal. |
Show a summary of permissions by resource type | Select this option to view the currently specified permissions for the selected principal according to resource type, such as VOB, Element, Policy, and Rolemap. |