
Changes the contents of a rolemap



Command type


cleartool subcommand






chrolemap { –role role-name { –add | –remove } principal-name[,...]

[ –c comment | –cfile pname | –cq | –cqe | –nc ] } |

{ –validate_pools }

rolemap-selector ...


The chrolemap command changes the contents of a rolemap. For all elements that are controlled by this rolemap object, the element versions and their storage containers are reprotected (with native operating system file system ACLs) to implement the effective ACL of the new rolemap.



The principal must have the following permissions:
  • read-info on VOB object
  • read-name on the rolemap
  • read-info on the rolemap
  • mod-props on rolemap


An error occurs if one or more of these objects are locked: VOB, rolemap.


(Replicated VOBs only) To change the contents of a rolemap, the replica must master the rolemap. However, you can add and remove protected objects without acquiring mastership.

Options and arguments

Modifying the rolemap

–role role-name
The role to be modified by the addition or removal of principals.
–add principal-name[,…]
Adds a principal to the specified role.
–remove principal-name[,…]
Removes a principal from the role. If role is not associated with any principals, the role name is removed from the rolemap.
The rolemap that is to be modified.

Reprotecting storage containers

Reprotects storage containers for elements when they are controlled by the specified rolemap (this option does not change the rolemap). You can use this option to fix container protections if an earlier chrolemap operation was interrupted.

Event records and comments

Creates one or more event records, with commenting controlled by your .clearcase_profile file (default: –cqe). See the comments reference page. Comments can be edited with chevent.
–c/omment comment | –cfi/le comment-file-pname |–cq/uery | –cqe/ach | –nc/omment
Overrides the default with the option you specify. See the comments reference page.


The UNIX system and Linux examples in this section are written for use in csh. If you use another shell, you might need to use different quoting and escaping conventions.

The Windows examples that include wildcards or quoting are written for use in cleartool interactive mode. If you use cleartool single-command mode, you might need to change the wildcards and quoting to make your command interpreter process the command appropriately.

In cleartool single-command mode, cmd-context represents the UNIX system and Linux shells or Windows command interpreter prompt, followed by the cleartool command. In cleartool interactive mode, cmd-context represents the interactive cleartool prompt.

  • Add the user "joe" to the Developer role

    cmd-context  cleartool chrolemap -role Developer -add user:ibm/joe DevRolemap