In this scenario, diverse groups within an organization access a common Rational® ClearQuest® user database. Although they all have access to the data, each group has specific queries and charts that it wants to share amongst its members, while being protected from other groups modifying these workspace items. At the same time, each group wants to see the workspace items in the folders of the other groups.
The Security Administrator performs the following steps:
Result: Members of each group can use their group folder as a shared folder, where each group member has permission to modify its contents. All users have Read-Only access to all other group folders.
In this alternate workflow, a group wants a private folder to store workspace items that no other group can see.
The Security Administrator performs the following additional steps:
Result: The Security Administrator or any member of the owning group can create the Private folder in Step 1, but only the Security Administrator can set workspace folder permissions on this folder.
In this alternate workflow, a group is only given access to part of the contents of the Public Queries folder. This may be desired to control access to sensitive data, or to simplify the interface by reducing the scope of user visibility.
This scenario would likely incorporate the alternate workflow described in Scenario 1a to limit cross-group visibility. In addition, the Security Administrator restricts access to non-group folders within the Public Queries folder by performing the following additional steps:
This scenario would likely involve creating additional ClearQuest groups to manage the visibility of the non-group folders, because the appropriate policies would likely cut across group boundaries. For example, all group managers may have Read-Write access to certain folders that non-managers do not.
In this alternate workflow, the Security Administrator hides the existence of other group folders within the Public Queries folder so that users only see the folders that correspond to the groups of which they are a member.
The Security Administrator performs the following additional steps:
Result: Because each group is granted Read-Write permission on their group folder, members only see their group folder inside the Public Queries folder. This step also removes the visibility of workspace items in the root of the Public Queries folder for all users.