Read/write security function

IBM® Rational® Change supports user-defined rules to create, modify, and transition change requests based on user privileges and CR attribute values. Additional security features are provided through a combination of lifecycle and read/write security settings.

These security features provide a method to grant or deny read and write access to a CR based on the group membership of a user.

Lifecycle security
Lifecycle security defines which users have create, modify, and transition permissions for a CR based on attribute values set on the CR, the privileges of the user, or both. The privileges are defined when specifying a security rule.
For example, a security rule stating that a user must have the assigner privilege to transition a CR from the entered state to the assigned state is what defines the assigner privilege. Security rules can also be based on the state or a specific attribute of a CR. For example: if the CR state is entered and the enterer attribute is equal to the current user, the current user can modify the synopsis, severity, and description attributes.
Lifecycle security rules are defined using the Lifecycle Editor and saved within a CR process definition file. Users are assigned a set of privileges. These privileges are mapped to a CR by the lifecycle definition, which ultimately controls creation, attribute modification, and transition permissions for that user.
[Figure: Lifecycle security process flow]
Read/write security
Read/write security defines which groups or individual users have read permissions, write permissions, or both for a CR. This definition is based on attribute values set on the CR and the current group membership of the user.
Unlike lifecycle security, which controls write access to individual attributes on the CR, the read/write security write permission controls general write access to the CR. Users are assigned to a set of groups, which are associated with CR permissions by rules defined in an Access Control List (ACL). ACLs provide the specific rules that are enforced for the groups, users, or both that you specify.
The read/write security rules are applied first to the CR. If the user has write access, then the lifecycle security rules are applied, which determine whether the user can transition the CR or modify specific attributes.
[Figure: Read/write security process flow]
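The evaluation order described above, sketched as an added Python model (not Rational Change code, its ACL format, or its API): the group-based ACL is checked first, and the lifecycle rules from the examples on this page are consulted only if it grants write access. The rule shape, the group and attribute names, the sample users, and the default of no access when no ACL rule matches are all assumptions of this model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset       # drives read/write security
    privileges: frozenset   # drives lifecycle security

@dataclass(frozen=True)
class AclRule:              # hypothetical rule shape for this model
    match: tuple            # (attribute, value) pairs the CR must carry
    group: str
    perms: frozenset        # subset of {"read", "write"}

# Constructed sample ACL; group and attribute names are placeholders.
ACL = [
    AclRule((("product", "payments"),), "payments-dev", frozenset({"read", "write"})),
    AclRule((("product", "payments"),), "support", frozenset({"read"})),
]
# Attributes the page's example rule lets the enterer modify.
ENTERER_EDITABLE = {"synopsis", "severity", "description"}

def rw_permissions(user, cr):
    """Stage 1: union of ACL grants matching the CR's attributes and user's groups."""
    perms = set()
    for rule in ACL:
        if rule.group in user.groups and all(cr.get(k) == v for k, v in rule.match):
            perms |= rule.perms
    return perms  # assumption: no matching rule means no access

def can_modify(user, cr, attribute):
    if "write" not in rw_permissions(user, cr):
        return False  # denied before any lifecycle rule is consulted
    # Stage 2: lifecycle rule keyed on state and the enterer attribute.
    return (cr["state"] == "entered" and cr["enterer"] == user.name
            and attribute in ENTERER_EDITABLE)

def can_transition(user, cr, to_state):
    if "write" not in rw_permissions(user, cr):
        return False
    # Stage 2: lifecycle rule keyed on the assigner privilege.
    return (cr["state"], to_state) == ("entered", "assigned") and "assigner" in user.privileges

# Constructed sample CR and users.
CR = {"product": "payments", "state": "entered", "enterer": "alice"}
alice = User("alice", frozenset({"payments-dev"}), frozenset())
bob = User("bob", frozenset({"support"}), frozenset({"assigner"}))
carol = User("carol", frozenset({"payments-dev"}), frozenset({"assigner"}))
```

In this model bob holds the assigner privilege but only read access through the ACL, so the transition is refused before the lifecycle rule is evaluated.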
How lifecycle and read/write security work
Lifecycle security and read/write security are complementary in providing a comprehensive security solution:

[Figure: Lifecycle and read/write security process flow]

