Attributes can be customized to create more complex rules.
Rules can use multiple attributes and use substitution strings
as shown in this example. You can create these custom attributes.
- Multiple attribute and value pairs
- Use the + and - operators
to combine attributes. Also, you can create complex rules and store
the results in a single rule. Using the following rule, the IBM® Rational® Synergy Support group can read
and write all defect CRs for the Synergy product.
Scope Attribute Value |
Access |
Permission |
Users and Groups |
Product_Line Type |
Synergy Defect |
Grant |
Read/Write |
Synergy Support |
- Attribute Value = Group substitution
- You can create one rule to define all instances where the attribute
value is the same as the group value. Use the {substitution} value
for both the Attribute value and Users and Groups name. With this
value, you can easily set permissions so that a group can have access
to information specific to that group, as shown in the following example.
Scope Attribute Value |
Access |
Permission |
Users and Groups |
Responsible_Group |
{substitution} |
Grant |
Read/Write |
{substitution} |
- Substring parsing
- Use this feature when the attribute value is not an exact match
for the group value, but a substring of one can be used to derive
the other, or not be used at all.
In the following example, the
ACL uses the value of
Product_Line as a substring
to create a list of groups that have permission to read and write
the CR.
- In the first rule, if the Product_Line=DOORS,
then the groups DOORS_PM, DOORS_PD,
and DOORS_Support have read/write access.
- The second rule shows that CRs with an External Product_Line and
a Contractor_Group beginning with ext_ are
readable by groups that have the substitution string.
- The third rule shows an example of the CR attribute value being
a substring of the Group.
- The last rule is an example of using {substitution} in
the scope but not in the list of users and groups. CRs with Product_Line values
of Public_nnn are readable and
writable by everyone.
Scope Attribute Value |
Access |
Permission |
Users and Groups |
Product_Line |
{substitution} |
Grant |
Read/Write |
{substitution}_PM
{substitution}_PD
{substitution}_Support
|
Product_Line
Contractor_Group
|
External
ext_{substitution}
|
Grant |
Read |
{substitution} |
Product_Line
Contractor_Group
|
External
ext_{substitution}
|
Grant |
Read |
{substitution}_Group |
Product_Line |
Public_{substitution} |
Grant |
Read/Write |
{everyone} |