Project security affects login, including the databases and interfaces users have access to. These rules apply to both central and stand-alone modes.
A development database is a regular Rational® Synergy database that is not a central CR database.
Privileges
The potential privileges of a user are the union of the global privileges of the user (assigned outside of projects) and any dynamic privileges (assigned within projects) which could be granted to the user based on project security rules. This is done as follows:
- Find all global privileges pertaining to the user and the groups of the user.
- Find all dynamic privileges pertaining to the user and the groups of the user across the project definitions.
- Combine the global and dynamic privileges.
These privileges are called potential privileges because dynamic privileges are contextual. The user does not have them all the time. It depends on the context of the CR, so the user could potentially have them.
When using dynamic privileges with project security, CR operations are not affected by Rational Synergy database roles. In particular:
- Rational Synergy database roles are separate and orthogonal to Rational Change roles, which are stored in Rational Directory Server.
- Rational Synergy database roles are only relevant to Rational Change in allowing access to development databases and for task operations.
- Rational Change cannot administer Rational Synergy database roles. That must be done through Rational Synergy. Consequently, the tab is absent.
Database access
Database access is controlled as follows:
- User can access a central CR database if the user has at least one potential privilege.
- User can access a development (task) database if the user has at least one Rational Synergy database role, as defined by ccm users (it does not matter which one), and at least one potential privilege.
Interface access
Interface access is controlled as follows:
- The list of valid interface choices is determined by potential privileges of a user, according to how the privileges map to interfaces.
- These choices are independent of the database selection.