Is it possible to specify who is allowed to set a ClearCase attribute on a file?

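As the title says: can I control which users are able to modify a ClearCase attribute, based on some sort of permission system, file per file?

I am working on Unix, but it might also be interesting to know whether this is possible on Windows.

The default permission system is the one described for the cleartool command used to modify an attribute value: cleartool mkattr (which is not the same as creating a new attribute type: cleartool mkattype)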

ACL authorization

If ACLs are enabled, the principal must have the following permissions:

  • To attach an attribute to a policy, rolemap, or VOB: read-info on object, mod-attr on object, read-info on VOB object
  • To attach an attribute to a version or element: mod-attr on element, read-info on element, read-info on VOB object
  • Other operations: read-info on VOB object, one of the non-ACL authorization identities

Non-ACL authorization

You must have one of the following identities:

  • Element owner
  • Element group member
  • Object owner
  • Object group member
  • VOB owner
  • root (UNIX and Linux)
  • Member of the ClearCase administrators group (ClearCase on Windows)

This is valid for Linux or Windows, but depends on your ClearCase version.
Starting with ClearCase 8.0.1, you can activate ACLs: see "ACL enforcement and enablement for VOBs and VOB objects".

In your case, enabling ACLs would get you closer to what you are looking for: policies, and rolemaps

Policies

Policies have four sections:

  • VOB,
  • policy,
  • rolemap, and
  • element.

Each section specifies an access control list, or ACL, which is a list of ACEs.
Each ACE identifies a principal and the permissions granted to that principal.
Policies typically specify Role principals, thereby defining role names used in the policy. Policies can also list specific users or groups.

Rolemaps

Rolemaps assign specific users or groups to the roles defined in the associated policy.

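If VOB ACLs are not enabled, you can also do this with triggers. You can create an element trigger and attach it only to the desired elements. "mkattr" is one of the operations you can set a trigger on.

Personally, I would use a preop trigger pointing to a simple script containing "exit 0;", and set the access permissions on the SCRIPT so that only the desired users can execute it. Any failure to access/execute a preop trigger is treated as a failure and blocks the operation. If the "allowed users" list on a "block users" trigger gets too large, this is faster than a "nusers" list.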
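
The trigger approach from the last answer, written out as an added example that is not part of the original posts. The trigger type name `ATTR_GATE`, the gate script path, the group name and the element paths are placeholders chosen for illustration; the gate path must be reachable from every host where `cleartool mkattr` is run.

```shell
#!/bin/sh
# Added example: a permission-gated preop trigger on "mkattr".
# Placeholders (assumptions, not from the page): ATTR_GATE, the gate
# script path, the group name, and the element paths.

# Write the gate script. It only succeeds; access control is carried by
# the file mode, so users outside owner/group cannot execute it and the
# preop trigger fails for them, blocking mkattr.
make_gate() {
    gate="$1"          # path of the script the trigger will exec
    group="${2:-}"     # optional group allowed to set attributes
    printf '#!/bin/sh\nexit 0\n' > "$gate" || return 1
    if [ -n "$group" ]; then
        chgrp "$group" "$gate" || return 1
    fi
    chmod 0750 "$gate"
}

# Print the octal mode (GNU stat first, BSD stat as fallback).
gate_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Audit check: a gate that "other" can execute restricts nobody.
gate_is_tight() {
    case "$(gate_mode "$1")" in
        7[05]0) return 0 ;;
        *)      return 1 ;;
    esac
}

# Create an attachable element trigger type (no -all) that fires before
# mkattr, then attach it only to the elements that need protection.
# Run from inside the VOB as a user allowed to create trigger types.
install_trigger() {
    gate="$1"; shift
    gate_is_tight "$gate" || { echo "gate mode too open: $gate" >&2; return 1; }
    cleartool mktrtype -element -preop mkattr \
        -exec "$gate" -c "restrict mkattr via gate script" ATTR_GATE || return 1
    for elem in "$@"; do
        cleartool mktrigger ATTR_GATE "$elem" || return 1
    done
}

# Typical use (placeholders):
#   make_gate /net/tools/triggers/attr_gate.sh attr_admins
#   install_trigger /net/tools/triggers/attr_gate.sh ./src/foo.c
```

File permissions do not stop root, so this gate constrains ordinary users only; re-run `gate_is_tight` periodically to catch a mode that has drifted open.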