Recovering from incorrect policies and rolemaps

If after enabling ACLs (using protectvob -enable_acls), you encounter errors or find problems with the protections, you can fix them by setting the environment variable CCASE_ACL_RECOVERY_MODE to true or TRUE.

When you are logged in to the VOB server host as a ClearCase® privileged user (root on UNIX and Linux or any member of the ClearCase group on Windows) or as the VOB owner, if ACLs recovery is enabled, then operations such as lspolicy, lsrolemap, chpolicy, chrolemap, and describe do not perform ACL permission checks. In this login state, you can repair incorrect protections. Disable the environment variable after you fix the lock-outs of permissions.

ACLs recovery mode is effective only for ACL-related operations. For example, the view server disregards the value of CCASE_ACL_RECOVERY_MODE such that an element that is not accessible in a dynamic view because it is protected is still protected when the environment variable is set to TRUE. Similarly, the value of the environment variable has no effect on whether an element is accessible in a snapshot or web view.

In ClearTeam® Explorer, CCASE_ACL_RECOVERY_MODE is effective only when a ClearCase privileged user examines a local VOB's objects through the "ClearCase Local" node of the ClearTeam Navigator.