Edit policy view
Use this VersionVault Explorer view to modify an existing policy.
Controls in the dialog box
The following controls appear in the dialog box:
| Control name | Control description |
|---|---|
| Edit Policy: <policy_name> | Displays the currently selected policy you are editing. |
| Save | Click to save your changes when you are finished. |
| Principals | In a policy or a rolemap, you specify one or more
principals. The following kinds of principals are supported: User,
Group, Role (granted permission in a policy, mapped to other principal
kinds in a rolemap), Everyone, Owner-user, Owner-group. For users
and groups, we allow identities from the VOB server's domain only:
you cannot specify a user or group from another domain. Group principals
can be any group defined by the operating system of the VOB server;
they are not limited to VOB's primary and supplementary groups. The
Owner-User and Owner-Group principal kinds are interpreted relative
to the controlled object. For example, if the effective ACL from the
rolemap attached to an element grants Owner-Group some permission,
then accounts with membership in the element's group are granted that
permission. Note: You can also rename a principal, copy a principal,
or remove a principal by right-clicking on the principal name and
selecting an option from the context menu. |
| Rolemaps implementing this policy | Click to invoke the Show Rolemaps dialog box which you can use to view or open rolemaps that implement the currently selected policy. |
| Add Principal | Click to add a new principal. After clicking this option, select a principal kind from the option list in the Principal box. These options include: User, Group, Everyone, Owner-User, Owner-Group, and Role. If you select the User or Group option, enter a name for the new User or Group in the adjacent text box and click this option again. After adding a principal, specify permissions for the new principal. |
| Permissions | When the Edit permissions for selected principal(s) option is selected, this section contains the possible permissions for the currently selected principal. You can specify permissions for four resource types: VOB, Element, Policy, and Rolemap. You can grant a principal generic permissions or individual permissions or a combination of both. The generic permissions include Read, Change, and Full. You can think of these as levels of permission, with Change incorporating all of Read and adding in additional permitted operations, and Full enabling yet more operations. The individual permissions are listed below. When the Show a summary of permissions by resource type option is selected, this section contains a listing of the currently specified permissions for selected principal according to resource types. |
| AclRead | Permission to read the dbid of the object's rolemap. |
| read-name | Permission to read name of an object. |
| read-info | Permission to read properties of an object. |
| mod-props | Permission to modify properties of an object (owner, group, fstat permission, event record, and so on.) |
| mod-hlink | Permission to change a hyperlink object. |
| mod-attr | Permission to change an object’s attributes. |
| chmaster | Permission to change mastership of the object. |
| mkrolemap | Permission to create a rolemap. |
| rmelem | Permission to remove a VersionVault source control element and its version history. |
| lock | Permission to lock an object. |
| Delete | Permission to remove an object. |
| mkpolicy | Permission to create a policy. |
| AclWrite | Permission to reprotect the object with a new rolemap. |
| Edit permissions for selected principals | Select this option to view or modify the specified permissions for the currently selected principal. |
| Show a summary of permissions by resource type | Select this option to view the currently specified permissions for the selected principal according to resource type. The resource types are VOB, Element, Policy, and Rolemap. |