Recovering from incorrect policies and rolemaps

If, after enabling ACLs (using protectvob -enable_acls), you encounter errors or find problems with the protections, you can fix them by first setting the environment variable CCASE_ACL_RECOVERY_MODE to true or TRUE.

ACLs recovery takes effect when you are logged in to the VOB server host as a VersionVault privileged user (root on UNIX and Linux or any member of the VersionVault group on Windows) or as the VOB owner. In this login state, with ACLs recovery enabled, operations such as lspolicy, lsrolemap, chpolicy, chrolemap, and describe do not perform ACL permission checks, so you can repair incorrect protections. Unset the environment variable after you fix the permission lockouts.

ACLs recovery mode is effective only for ACL-related operations. For example, the view server disregards the value of CCASE_ACL_RECOVERY_MODE, so an element that is not accessible in a dynamic view because it is protected remains protected when the environment variable is set to TRUE. Similarly, the value of the environment variable has no effect on whether an element is accessible in a snapshot or web view.

In HCL VersionVault Explorer, CCASE_ACL_RECOVERY_MODE is effective only when a VersionVault privileged user examines a local VOB's objects through the "VersionVault Local" node of the VersionVault Navigator.
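
One way to keep the recovery bypass from lingering in a login session on a UNIX or Linux VOB server is to set the variable for a single cleartool process at a time. The following is an added example, not part of the product documentation; the function names and the CLEARTOOL override variable are hypothetical, and cleartool is assumed to be on PATH.

```shell
# Added example: run one ACL-related cleartool operation with recovery mode
# set for that single process only, so the bypass is never left exported.
# Assumptions: cleartool is on PATH (override with CLEARTOOL); the function
# names below are hypothetical, not product commands.

CLEARTOOL="${CLEARTOOL:-cleartool}"

# Succeeds if recovery mode is currently set in this shell's environment.
acl_recovery_is_set() {
    case "${CCASE_ACL_RECOVERY_MODE:-}" in
        true|TRUE) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: acl_recovery <subcommand> [cleartool arguments passed through]
acl_recovery() {
    if [ "$#" -lt 1 ]; then
        echo "usage: acl_recovery <subcommand> [args...]" >&2
        return 2
    fi
    sub="$1"; shift
    # Allow only the operations the page lists as skipping ACL checks.
    case "$sub" in
        lspolicy|lsrolemap|chpolicy|chrolemap|describe) ;;
        *)
            echo "acl_recovery: '$sub' is not an ACL recovery operation" >&2
            return 2 ;;
    esac
    # Refuse to run if the bypass was left set by an earlier session step.
    if acl_recovery_is_set; then
        echo "acl_recovery: CCASE_ACL_RECOVERY_MODE is already set; unset it first" >&2
        return 3
    fi
    # Record who used the bypass and for what (stderr; redirect as needed).
    echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) acl-recovery user=$(id -un) op=$sub" >&2
    # env applies the variable to this one child process only.
    env CCASE_ACL_RECOVERY_MODE=TRUE "$CLEARTOOL" "$sub" "$@"
}
```

Because the variable is never exported in the calling shell, there is nothing to unset afterwards, and each use of the bypass leaves a timestamped line that can be sent to a log.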