2 <html lang="en-us" itemscope itemtype="http://schema.org/Article">
5 <meta name="description" content="I've given the "permissions trigger" some thought and would like to formalize the requirements a bit. The new trigger will have the following characteristics: Since multiple groups will be allowed write access to the vob they will need to be...">
6 <meta name="generator" content="Movable Type 5.2.3">
7 <title>Permissions Trigger - Status</title>
8 <link rel="alternate" type="application/atom+xml" title="Recent Entries" href="http://defaria.com/blogs/Status/atom.xml">
9 <link rel="canonical" href="http://defaria.com/blogs/Status/2004/07/permissions-tri.html">
10 <meta name="viewport" content="width=device-width,initial-scale=1">
11 <link rel="stylesheet" href="http://defaria.com/blogs/Status/styles.css">
13 <link rel="stylesheet" href="http://defaria.com/blogs/Status/styles_ie.css">
14 <script src="/mt/mt-static/support/theme_static/rainier/js/html5shiv.js"></script>
17 <link rel="start" href="http://defaria.com/blogs/Status/">
19 <link rel="prev" href="http://defaria.com/blogs/Status/2004/07/ttebucs.html" title="TTE/BUCS">
20 <link rel="next" href="http://defaria.com/blogs/Status/2004/07/permissions-tri-1.html" title="Permissions Trigger">
21 <!-- Open Graph Protocol -->
22 <meta property="og:type" content="article">
23 <meta property="og:locale" content="en-us">
24 <meta property="og:title" content="Permissions Trigger">
25 <meta property="og:url" content="http://defaria.com/blogs/Status/2004/07/permissions-tri.html">
26 <meta property="og:description" content="I've given the "permissions trigger" some thought and would like to formalize the requirements a bit. The new trigger will have the following characteristics: Since multiple groups will be allowed write access to the vob they will need to be...">
27 <meta property="og:site_name" content="Status">
28 <meta property="og:image" content="/mt/mt-static/support/theme_static/rainier/img/siteicon-sample.png">
30 <meta itemprop="description" content="I've given the "permissions trigger" some thought and would like to formalize the requirements a bit. The new trigger will have the following characteristics: Since multiple groups will be allowed write access to the vob they will need to be...">
31 <link itemprop="url" href="http://defaria.com/blogs/Status/2004/07/permissions-tri.html">
32 <link itemprop="image" href="/mt/mt-static/support/theme_static/rainier/img/siteicon-sample.png">
37 <div id="container-inner">
38 <header id="header" role="banner">
39 <div id="header-inner">
40 <div id="header-content">
42 <a href="http://defaria.com/blogs/Status/">
51 <nav role="navigation">
53 <li><a href="http://defaria.com/blogs/Status/">Home</a></li>
62 <div id="content-inner">
63 <ul class="breadcrumb breadcrumb-list">
64 <li class="breadcrumb-list-item"><a href="http://defaria.com/blogs/Status/">Home</a></li>
65 <li class="breadcrumb-list-item">Permissions Trigger</li>
67 <div id="individual-main" class="main" role="main">
68 <article id="entry-1489" class="entry entry-asset asset hentry">
69 <div class="asset-header">
70 <h2 itemprop="name" class="asset-name entry-title">Permissions Trigger</h2>
71 <footer class="asset-meta">
72 <ul class="asset-meta-list">
73 <li class="asset-meta-list-item">Posted on <time datetime="2004-07-19T15:07:12-08:00" itemprop="datePublished">July 19, 2004</time></li>
74 <li class="asset-meta-list-item">by <span class="author entry-author vcard"></span></li>
77 <li class="asset-meta-list-item">in <a itemprop="articleSection" rel="tag" href="http://defaria.com/blogs/Status/ameriquest/">Ameriquest</a></li>
83 <div class="entry-content asset-content" itemprop="articleBody">
84 <p>I've given the "permissions trigger" some thought and would like to formalize the requirements a bit. The new trigger will have the following characteristics:</p>
88 <li>Since multiple groups will be allowed write access to the vob they will need to be added as additional groups on the vob group list. </li>
90 <li>Determination of what users get additional write capability will be on Active Directory groups. IOW you can grant write access to say the CC-PMO group but not specifically to Mike Hrenko who is a member of the CC-PMO group. Additionally CC-PMO would need to appear on the vob group list in this example.</li>
92 <li>The trigger will use CLEARCASE_PRIMARY_GROUP to determine what group the user is. This avoids having to do LDAP lookups and it's the way that Clearcase does it anyway. CLEARCASE_PRIMARY_GROUP will not be used verbatim - if it were then anybody would "fake" out the trigger by merely setting CLEARCASE_PRIMARY_GROUP. Instead "creds" will be called to ascertain the effective primary group.</li>
94 <li>A permissions element will be created that will contain a list of groups, one per line, that are allowed write access from this folder downward. The vob's initial or primary group owner (CC-TTE in the case of Core_automation) will always have write permission. Furthermore the permissions element should be secured such that only vob's primary group owner can modify it. Otherwise other groups could easily modify the permissions element thus granting write permissions to arbitrary groups.</li>
98 <p>Let's see an example of how this will work and how the trigger will respond. Let's assume the following directory structure:</p>
103 Empower <font color="#eeeeee">CC-EAG-AS, CC-EAG-ESB</font>
105 Functions <font color="#eeeeee">CC-EAG-VIP</font><br>
106 Results <font color="#eeeeee">CC-EAG-VMS</font><br>
112 <p>Further let's assume that the permissions element is at the Empower level and contains the groups CC-EAG-AS and CC-EAG-ESB. This says that those two groups (as well as CC-TTE as primary group owners of the vob) have write permission (the ability to checkout) elements from Core_automation/Empower downward. Additionally let's say that we have a permissions element at Empower/Functions that lists CC-EAG-VIP and Empower/Results has a permissions element that lists CC-EAG-VMS. The following can be said:</p>
116 <li>Members of CC-EAG-AS and CC-EAG-ESB have write permissions to Empower, Empower/Functions, Empower/Results and Empower/Common. Further, if new folders are created under Empower, CC-EAG-AS and CC-EAG-ESB will have write permissions to those new folders as well (IOW the write permissions are inherited by new folders that are created)</li>
118 <li>Members of CC-EAG-VIP have write permissions to Empower/Functions and any new folders created under Functions, but they do not have write permissions to Empower/Results nor Empower/Common. Similarly CC-EAG-VMS has write permissions to Empower/Results but not to Empower/Functions nor Empower/Common</li>
122 <p>The pseudo code for the trigger is roughly as follows. Note that the trigger gets fired during checkout of an element only (it is assumed if the user successfully checked out the element then, at the time, he had write permissions and should be allowed to check in the element):</p>
126 $vob_group_owner = GetGroupOwner (vob)
127 $current_group = GetCurrentGroup (CLEARCASE_PRIMARY_GROUP as per "creds")
129 if (permissions element exists in the current folder) {
130 if (IsAMember (Parse ($permissions_element), $current_group) {
131 <<i>allow checkout</i>>
133 <<i>recurse to check parent folder stopping at vob root</i>>
134 <<i>disallow checkout</i>>
141 <nav class="page-navigation entry-navigation pagination content-nav">
142 <ul class="page-navigation-list">
144 <li class="page-navigation-list-item page-navigation-prev"><a rel="prev" href="http://defaria.com/blogs/Status/2004/07/ttebucs.html" title="TTE/BUCS">Previous entry</a></li>
147 <li class="page-navigation-list-item page-navigation-next"><a rel="next" href="http://defaria.com/blogs/Status/2004/07/permissions-tri-1.html" title="Permissions Trigger">Next entry</a></li>
152 <aside id="zenback" class="zenback feedback">
153 Please paste Zenback script code here.
160 <aside class="widgets related" role="complementary">
161 <nav class="widget-search widget">
162 <div class="widget-content">
163 <form method="get" id="search" action="http://defaria.com/mt/mt-search.cgi">
165 <input type="text" name="search" value="" placeholder="Search...">
167 <input type="hidden" name="IncludeBlogs" value="8">
169 <input type="hidden" name="limit" value="20">
170 <button type="submit" name="button">
171 <img alt="Search" src="/mt/mt-static/support/theme_static/rainier/img/search-icon.png">
177 <nav class="widget-archive-category widget">
178 <h3 class="widget-header">Categories</h3>
179 <div class="widget-content">
182 <ul class="widget-list">
185 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/ameriquest/">Ameriquest (99)</a>
193 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/audience/">Audience (3)</a>
201 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/broadcom/">Broadcom (76)</a>
209 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/gpdb/">GPDB (35)</a>
217 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/general-dynamics/">General Dynamics (61)</a>
225 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/general-electric/">General Electric (13)</a>
233 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/hewlett-packard/">Hewlett Packard (13)</a>
241 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/lynuxworks/">LynuxWorks (162)</a>
249 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/pqa/">PQA (35)</a>
257 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/salira/">Salira (79)</a>
265 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/tellabs/">Tellabs (2)</a>
273 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/texas-instruments/">Texas Instruments (31)</a>
285 <nav class="widget-archive-dropdown widget">
286 <h3 class="widget-header">Archives</h3>
287 <div class="widget-content">
289 <option>Select a Month...</option>
291 <option value="http://defaria.com/blogs/Status/2016/02/">February 2016</option>
295 <option value="http://defaria.com/blogs/Status/2014/09/">September 2014</option>
299 <option value="http://defaria.com/blogs/Status/2014/04/">April 2014</option>
303 <option value="http://defaria.com/blogs/Status/2014/03/">March 2014</option>
307 <option value="http://defaria.com/blogs/Status/2013/02/">February 2013</option>
311 <option value="http://defaria.com/blogs/Status/2012/09/">September 2012</option>
315 <option value="http://defaria.com/blogs/Status/2012/08/">August 2012</option>
319 <option value="http://defaria.com/blogs/Status/2012/05/">May 2012</option>
323 <option value="http://defaria.com/blogs/Status/2012/04/">April 2012</option>
327 <option value="http://defaria.com/blogs/Status/2012/02/">February 2012</option>
331 <option value="http://defaria.com/blogs/Status/2012/01/">January 2012</option>
335 <option value="http://defaria.com/blogs/Status/2011/10/">October 2011</option>
339 <option value="http://defaria.com/blogs/Status/2011/07/">July 2011</option>
343 <option value="http://defaria.com/blogs/Status/2010/09/">September 2010</option>
347 <option value="http://defaria.com/blogs/Status/2010/08/">August 2010</option>
351 <option value="http://defaria.com/blogs/Status/2010/04/">April 2010</option>
355 <option value="http://defaria.com/blogs/Status/2010/03/">March 2010</option>
359 <option value="http://defaria.com/blogs/Status/2010/02/">February 2010</option>
363 <option value="http://defaria.com/blogs/Status/2009/05/">May 2009</option>
367 <option value="http://defaria.com/blogs/Status/2009/04/">April 2009</option>
371 <option value="http://defaria.com/blogs/Status/2008/07/">July 2008</option>
375 <option value="http://defaria.com/blogs/Status/2008/05/">May 2008</option>
379 <option value="http://defaria.com/blogs/Status/2008/04/">April 2008</option>
383 <option value="http://defaria.com/blogs/Status/2008/03/">March 2008</option>
387 <option value="http://defaria.com/blogs/Status/2008/02/">February 2008</option>
391 <option value="http://defaria.com/blogs/Status/2008/01/">January 2008</option>
395 <option value="http://defaria.com/blogs/Status/2007/12/">December 2007</option>
399 <option value="http://defaria.com/blogs/Status/2007/11/">November 2007</option>
403 <option value="http://defaria.com/blogs/Status/2007/10/">October 2007</option>
407 <option value="http://defaria.com/blogs/Status/2007/09/">September 2007</option>
411 <option value="http://defaria.com/blogs/Status/2007/08/">August 2007</option>
415 <option value="http://defaria.com/blogs/Status/2007/07/">July 2007</option>
419 <option value="http://defaria.com/blogs/Status/2007/06/">June 2007</option>
423 <option value="http://defaria.com/blogs/Status/2007/05/">May 2007</option>
427 <option value="http://defaria.com/blogs/Status/2007/04/">April 2007</option>
431 <option value="http://defaria.com/blogs/Status/2007/03/">March 2007</option>
435 <option value="http://defaria.com/blogs/Status/2007/01/">January 2007</option>
439 <option value="http://defaria.com/blogs/Status/2006/12/">December 2006</option>
443 <option value="http://defaria.com/blogs/Status/2006/11/">November 2006</option>
447 <option value="http://defaria.com/blogs/Status/2006/10/">October 2006</option>
451 <option value="http://defaria.com/blogs/Status/2006/09/">September 2006</option>
455 <option value="http://defaria.com/blogs/Status/2006/07/">July 2006</option>
459 <option value="http://defaria.com/blogs/Status/2006/06/">June 2006</option>
463 <option value="http://defaria.com/blogs/Status/2006/05/">May 2006</option>
467 <option value="http://defaria.com/blogs/Status/2006/04/">April 2006</option>
471 <option value="http://defaria.com/blogs/Status/2006/03/">March 2006</option>
475 <option value="http://defaria.com/blogs/Status/2006/02/">February 2006</option>
479 <option value="http://defaria.com/blogs/Status/2006/01/">January 2006</option>
483 <option value="http://defaria.com/blogs/Status/2005/12/">December 2005</option>
487 <option value="http://defaria.com/blogs/Status/2005/11/">November 2005</option>
491 <option value="http://defaria.com/blogs/Status/2005/10/">October 2005</option>
495 <option value="http://defaria.com/blogs/Status/2005/09/">September 2005</option>
499 <option value="http://defaria.com/blogs/Status/2005/08/">August 2005</option>
503 <option value="http://defaria.com/blogs/Status/2005/07/">July 2005</option>
507 <option value="http://defaria.com/blogs/Status/2005/06/">June 2005</option>
511 <option value="http://defaria.com/blogs/Status/2005/05/">May 2005</option>
515 <option value="http://defaria.com/blogs/Status/2005/04/">April 2005</option>
519 <option value="http://defaria.com/blogs/Status/2005/03/">March 2005</option>
523 <option value="http://defaria.com/blogs/Status/2005/02/">February 2005</option>
527 <option value="http://defaria.com/blogs/Status/2005/01/">January 2005</option>
531 <option value="http://defaria.com/blogs/Status/2004/12/">December 2004</option>
535 <option value="http://defaria.com/blogs/Status/2004/09/">September 2004</option>
539 <option value="http://defaria.com/blogs/Status/2004/08/">August 2004</option>
543 <option value="http://defaria.com/blogs/Status/2004/07/">July 2004</option>
547 <option value="http://defaria.com/blogs/Status/2004/06/">June 2004</option>
551 <option value="http://defaria.com/blogs/Status/2004/05/">May 2004</option>
555 <option value="http://defaria.com/blogs/Status/2004/04/">April 2004</option>
559 <option value="http://defaria.com/blogs/Status/2004/03/">March 2004</option>
563 <option value="http://defaria.com/blogs/Status/2004/02/">February 2004</option>
567 <option value="http://defaria.com/blogs/Status/2004/01/">January 2004</option>
571 <option value="http://defaria.com/blogs/Status/2003/12/">December 2003</option>
575 <option value="http://defaria.com/blogs/Status/2003/11/">November 2003</option>
583 <div class="widget-syndication widget section">
584 <div class="widget-content">
585 <p><img src="http://defaria.com/mt/mt-static/images/status_icons/feed.gif" alt="Subscribe to feed" width="9" height="9" /> <a href="http://defaria.com/blogs/Status/atom.xml">Subscribe to this blog's feed</a></p>
593 <footer id="footer" role="contentinfo">
594 <div id="footer-inner">
595 <div id="footer-content">
596 <nav role="navigation">
598 <li><a href="http://defaria.com/blogs/Status/">Home</a></li>
604 <p class="license">© Copyright 2016.</p>
605 <p class="poweredby">Powered by <a href="http://www.movabletype.org/">Movable Type</a></p>
611 <script src="http://defaria.com/mt/mt-static/jquery/jquery.min.js"></script>
612 <script src="http://defaria.com/blogs/Status/mt-theme-scale2.js"></script>