groups command

You can implement and define security for objects. A database can contain many different collections of objects. Group security restricts check out and modifies permissions to a specified group of users for files, directories, projects, tasks, and folders. In addition, you can specify read security, which limits visibility of the source contents of objects to designated groups.

Access rights for a file are not inherited from a parent directory or project. Such security is not secure in Rational® Synergy because users can add objects to their working projects. Unlike most operating system file systems, a Rational Synergy file can be used by any number of directories or projects. Therefore, access rights to collections of files must be established on each file.

If you work as the group manager, use group security for the following reasons.

A user working in a role that can create objects can restrict access of an object to specified groups. The user can restrict access if the object is the only version and the user can modify that object.

Read security is implemented by providing access control to the source attribute of an object. Users can query for objects and see other attributes regardless of any read restrictions. Read security applies to source objects that can be versioned, and does not apply to directories and projects. However, if you apply read security to an object that is currently in user work areas, those files are still readable by the users.

You can define the following different levels of read access security:

Any object that is checked out inherits the same group security restrictions as its predecessor, including read security restrictions. Read security can be used with copy-based work areas only.

The following examples illustrate how security is applied and used for an object.

If you have a directory in the public state that uses group security and the user is not a member of any of the groups for the directory, the user can still create objects, add them to, or remove them from the directory. Users can easily overwrite changes if you use public directories. Exercise caution when using public directories.

See Database read security for additional information about setting up databases for read security. If you have a directory in the public state that uses group security and the user is not a member of any of the groups for the directory, the user can create objects, add them to, or remove them from the directory. Users can easily overwrite changes if they use public directories; exercise caution when using public directories.

The groups command supports these subcommands.


Feedback