如何知道哪个用户对 Clearcase 数据库具有写入权限?

How to know which user has write access to Clearcase database?

如何知道哪个用户对Clearcase数据库有写入权限?主要是授权执行check-in,但不只是,比如修改一个定义属性的Clearcase值...

如何获得修改给定 VOB 中某些内容的所有用户标识符的列表?在任何 VOB 中?

Clearcase 中是否存在特定角色和配置文件?或者只是 Unix 根目录?

相关信息: - ClearCase 8.0.1.4 (AIX 1 7) - 仅使用 BASE CLEARCASE,不使用 UCM。

以“VOB and view access control"; the main access criteria is user and groups:

开头

A user's name and group memberships are the principal credentials evaluated by Rational® ClearCase® when access is requested.

因此,作为主要组(键入 id -a 时的第一组)的任何用户都可以访问该 Vob。例如参见“ClearCase won't allow Check-In" (note: the view itself must be correctly protected as well)

在 AIX 上,您可以使用 lsuser to list users of a given group

使用“Access control for elements”查看更多内容。


但是从 ClearCase 9 开始,您还有 ACL authorization:

You can use ACLs to protect the VOB object, policies, rolemaps, and elements (other object types, such as branch types and label types, must be secured by the protection mechanisms of the operating system

您可以设置policies (see cleartool lspolicy), and rolemaps

您使用角色映射来指定承担策略中列出的角色的主体,并将访问控制应用于一个或多个 VOB 对象。

The intention is that you can define a small number of policies that determine ‘how' you apply permissions to objects. You then define a number of rolemaps for each policy describing ‘who' takes on the roles in the policy.

通过列出角色映射 (cleartool lsrolemap),您可以返回组列表,从中可以推断出用户列表:

Role:Reader --> Group:DOMAIN/developers
Role:Manager --> Group:DOMAIN/mgrs
Role:Developer --> User:DOMAIN/danny
Role:Integrator --> Group:DOMAIN/integs
Role:Developer --> Group:DOMAIN/devs
Role:Administrator --> User:DOMAIN/vobadmin