Use group security to restrict the check-out and modify
permissions to a specified group of users. In addition, read security,
which limits visibility of source to designated groups, can be specified.
Read security is implemented by providing access control to an object
source attribute. Users can query for objects and see other attributes
regardless of any read restrictions. Read security applies to source
objects which can be versioned, and does not apply to directories
and projects. Read security does not effect on link-based work
areas.
Set your database up to deny read access to the database path to
all regular users. To do so, mount the database on a machine that
no one can access. Or, change permissions at the system level so no
one has access to the database path. This setting requires that users
run remote clients. The remote clients can only use copy-based work
areas.
Three different levels of read access security can be defined as
an object with:
- No read access restrictions to its source can be accessed by any
user.
- One or more groups defined for read access only allows access
to the source if the user is a member of at least one of those groups.
All other users are denied access to the source contents of that object.
- The highest level of security (no access to the source) cannot
be viewed, checked out, or modified, but other attributes can be viewed.
However, users working in the ccm_admin role can
always view the source contents of files.
Any object that is checked out inherits the same group security
restrictions as its predecessor, including read security restrictions.
Use the ccm groups command to implement and define
security for objects. Group settings on individual objects can be
viewed or modified in the Rational® Synergy
GUI.