Project security affects login, including the databases
and interfaces users have access to. These rules apply to both central
and stand-alone modes.
A development database is a regular Rational® Synergy database that is not a
central CR database.
Privileges
The potential privileges of a
user are the union of the global privileges of the user (assigned
outside of projects) and any dynamic privileges (assigned within projects).
Dynamic privileges assigned within projects could be granted to the
user based on project security rules. This is done as follows:
- Find all global privileges pertaining to the user and the groups
of the user.
- Find all dynamic privileges pertaining to the user and the groups
of the user across the project definitions.
- Combine the global and dynamic privileges.
These privileges are called potential privileges because
dynamic privileges are contextual. The user does not have them all
the time. It depends on the context of the CR, so the user could potentially
have them.
When using dynamic privileges with project security,
CR operations are not affected by Rational Synergy
database roles. In particular:
- Rational Synergy database
roles are separate and orthogonal to Rational Change roles, which are stored
in Rational Directory Server.
- Rational Synergy database
roles are only relevant to Rational Change
in allowing access to development databases and for task operations.
- Rational Change cannot
administer Rational Synergy
database roles. That must be done through Rational Synergy. Consequently, the tab is absent.
Database access
Database access is controlled
as follows:
- User can access a central CR database if the user has at least
one potential privilege.
- User can access a development (task) database if the user has
at least one Rational Synergy
database role, as defined by ccm users (it does not
matter which one), and at least one potential privilege.
Interface access
Interface access is controlled
as follows:
- The list of valid interface choices is determined by potential
privileges of a user, according to how the privileges map to interfaces.
- These choices are independent of the database selection.