Use group security to restrict the check-out and modify
permissions to a specified group of users. In addition, read security,
which limits visibility of source to designated groups, can be specified.
Read security is implemented by providing access control to an object
source attribute. Users can query for objects and see other attributes
regardless of any read restrictions. Read security applies to source
objects which can be versioned, and does not apply to directories
and projects.
Read security does not affect link-based work areas.
Set your database up to deny read access to the database path to
all regular users. To do so, mount the database on a machine that
no one can access. Or, change permissions at the system level so no
one has access to the database path. This setting requires that users
run remote clients. The remote clients can only use copy-based work
areas.
Three different levels of read access security can be defined as
follows:
- Any user can access an object that has no read access restrictions
to its source.
- An object with one or more groups defined for read access only
allows access to the source if the user is a member of at least one
of those groups. All other users are denied access to the source contents
of that object.
- An object with the highest level of security (no access to the
source) restricts users from viewing, checking out, or modifying the
source. Users can only view the other attributes. However, users working
in the ccm_admin role can always view the source
contents of files.
Any object that is checked out inherits the same group security
restrictions as its predecessor, including read security restrictions.
Use the ccm groups command to implement and define
security for objects. Group settings on individual objects can be
viewed or modified in the Rational® Synergy
GUI.