SCM component access control
I read the following good news from http://jazz.net/blog/index.php/2011/05/23/enhanced-source-control-permissions-in-the-next-release-of-rational-team-concert/
It is not clear if the new component created in individual wokrspace is still not under access control as in 3.0 though.
Can one just mark it as private to get access control or have to change the ownership to a team area?
Currently we have to do regular scanning to identify the new component created and owned by individuals and correct the ownership.
Team areas can now be used to limit read access with a finer granularity than project areas. When you set a component or stream as owned by a team area, you can mark it as private to that team area. Private artifacts are only visible to members of the team area and its descendants. This allows access control to follow the lines of the organizational chart and lessens the need to create project areas solely for permissions.
It is not clear if the new component created in individual wokrspace is still not under access control as in 3.0 though.
Can one just mark it as private to get access control or have to change the ownership to a team area?
Currently we have to do regular scanning to identify the new component created and owned by individuals and correct the ownership.
2 answers
For 3.0.1:
A component always is under access control, and the access control is
determined by what it is owned by, and if it is owned by a team area,
whether it is marked as "private".
When a component is created in a workspace, it is initialized to be
owned by the user that owns that workspace. Similarly, when a component
is created in a stream, it is initialized to be owned by the owner of
that stream.
If a component is owned by a user, it is only visible to that user.
If a component is privately owned by a team area, it is only visible to
members of that team area and child team areas.
If a component is non-privately owned by a team area, its visibility is
controlled by the read-access control of the project area of the team area.
If a component is owned by a project area, its visibility is controlled
by the access control of that project area.
Cheers,
Geoff
On 5/26/2011 2:38 PM, ghu wrote:
A component always is under access control, and the access control is
determined by what it is owned by, and if it is owned by a team area,
whether it is marked as "private".
When a component is created in a workspace, it is initialized to be
owned by the user that owns that workspace. Similarly, when a component
is created in a stream, it is initialized to be owned by the owner of
that stream.
If a component is owned by a user, it is only visible to that user.
If a component is privately owned by a team area, it is only visible to
members of that team area and child team areas.
If a component is non-privately owned by a team area, its visibility is
controlled by the read-access control of the project area of the team area.
If a component is owned by a project area, its visibility is controlled
by the access control of that project area.
Cheers,
Geoff
On 5/26/2011 2:38 PM, ghu wrote:
I read the following good news from
http://jazz.net/blog/index.php/2011/05/23/enhanced-source-control-permissions-in-the-next-release-of-rational-team-concert/
Team areas can now be used to limit read access with a finer
granularity than project areas. When you set a component or stream as
owned by a team area, you can mark it as private to that team area.
Private artifacts are only visible to members of the team area and
its descendants. This allows access control to follow the lines of
the organizational chart and lessens the need to create project areas
solely for permissions.
It is not clear if the new component created in individual wokrspace
is still not under access control as in 3.0 though.
Can one just mark it as private to get access control or have to
change the ownership to a team area?
Currently we have to do regular scanning to identify the new component
created and owned by individuals and correct the ownership.
Comments
Geoff - I see how to do this in 4.0, but how do you make a component team-private in 3.x?
Geoff - which is the permission needed for a role to set visibility of a component to team private in RTC 4.0.1?
It seems to be "modify team area properties" :
But this permission allow user role to modify other team area properities we don't want
Thanks