Home
Administering
Learn how to administer the product.
Administering HCL VersionVault
Learn about performing administrative tasks for an HCL VersionVault community including managing software licenses, user and group accounts, VersionVault server and client hosts, shared data, and the network that connects them.
VOB and view access control
HCL VersionVault supports a rich set of access controls on versioned objects.
ACL authorization
If access control list (ACL) authorization is enabled, the identities and protection modes for some object types are administered through policies, which define permissions for roles; and rolemaps, which map the roles to principals.
Effective ACLs
When HCL VersionVault enforces access controls in a VOB, it uses an effective ACL for each metatype.

Administering
Learn how to administer the product.
- Administering HCL VersionVault
  Learn about performing administrative tasks for an HCL VersionVault community including managing software licenses, user and group accounts, VersionVault server and client hosts, shared data, and the network that connects them.
  - HCL VersionVault network planning and administration
  - License servers and license administration
    Most HCL VersionVault applications and commands (cleartool commands, for example, or GUIs such as the VersionVault Explorer) require a license to run.
  - Reconfiguring VersionVault to use a different JRE
    When you change the Java Runtime Environment (JRE) for HCL VersionVault, you must reconfigure the product to make it work with the new JRE.
  - Administering the HCL VersionVault registry
    The HCL VersionVault registry is a central repository of information about shared resources such as VOBs and views.
  - HCL VersionVault network administration in mixed environments
    An HCL VersionVault environment that includes hosts that run Windows and hosts that run the UNIX system or Linux is said to be a mixed environment.
  - Overview of security considerations
    As an administrator, you are responsible for the security of your HCL VersionVault deployment.
  - VOB and view access control
    HCL VersionVault supports a rich set of access controls on versioned objects.
    - Users and groups
      A user's name and group memberships are the principal credentials evaluated by HCL VersionVault when access is requested.
    - ACL authorization
      If access control list (ACL) authorization is enabled, the identities and protection modes for some object types are administered through policies, which define permissions for roles; and rolemaps, which map the roles to principals.
      - Policies
        Policies have an Access Control List (ACL) for each controlled VOB metatype (such as element, VOB object, policy, and rolemap).
      - Rolemaps
        You use a rolemap to specify the principals that take on roles listed in a policy, and to apply the access controls to one or more VOB objects.
      - Effective ACLs
        When HCL VersionVault enforces access controls in a VOB, it uses an effective ACL for each metatype.
      - Controlled objects
        The following metatypes are directly controlled by rolemaps: VOB object, policy, rolemap, elements (directory and file).
      - Using GUIs to list or edit policies and rolemaps
        Several GUIs are provided for listing and editing policies and rolemaps.
      - Identities for policies and rolemaps
        In a policy or rolemap, you specify one or more principals.
      - Grantable permissions
        Each metatype has a specific set of operation-based individual permissions, specific to each metatype.
      - Changing permission on an object
        There are several ways to change the effective permissions on a controlled object:
      - Whole VOB protection
        In order to get access to one VOB (for read or write operations), the user account needs the read-info permission on the VOB object's effective access control list.
      - Protected objects and the owner-user and owner-group principals
        An effective ACL (EACL) can reference an indirect principal: the owner-group or owner-user.
      - The access failure log
        You can review the access failure log to identify failed attempts to modify protected VOB objects.
      - Element protection
        The ability to protect directory and file elements with ACLs greatly simplifies authorization administration. The simplification uses multiple groups in element effective ACLs in place of multiple groups in each user's credentials.
      - Recovering from incorrect policies and rolemaps
        If after enabling ACLs (using protectvob -enable_acls), you encounter errors or find problems with the protections, you can fix them by setting the environment variable CCASE_ACL_RECOVERY_MODE to true or TRUE.
    - Non-ACL authorization
      If ACL authorization is not enabled, the identities and protection modes that are defined by the operating system are administered directly.
    - HCL VersionVault and native file-system permissions
      HCL VersionVault requires specific file-system permissions on storage directories for VOBs and dynamic views. These permissions are established when the directories are created and must not be changed.
    - Windows shares for VOB and view storage
      On Windows platforms, VOBs and views that are accessed over the network must be created in a folder that is shared. Windows share permissions control access to shared folders, and must be configured to provide adequate rights to users of VOBs and views.
    - Locks on VOB objects
      Access controls on VOB objects are intended to provide a long-lived access-control mechanism. Temporary access control is also provided through explicit locks on individual VOB objects.
  - VOB administration
    Because VOBs are the principal repository for artifacts under HCL VersionVault control, VOB administration is one of the HCL VersionVault administrator’s most important tasks.
  - VOB datatypes and administrative VOB hierarchies
    There are many types of VOB metadata. Some are unique to a particular VOB, but many must be managed consistently across a group of VOBs that store related artifacts (components of a UCM project, for example). These topics introduce VOB metadata and describe how to use administrative VOB hierarchies to simplify sharing of type objects among related VOBs.
  - Moving VOBs and relocating VOB data
    HCL VersionVault includes tools for moving data and metadata to another VOB and for moving entire VOBs to another disk or host. You may need to use these tools to reorganize VOB directories, redistribute data storage, or rebalance server loads.
  - Views and view administration
    A view provides a workspace where users access versions of file and directory elements that are under HCL VersionVault control. Views can also contain view-private file system objects (such as ordinary files and directories) that are not under HCL VersionVault control.
  - Backing up critical HCL VersionVault data
    Like all databases, VOBs, views, and the HCL VersionVault registry have special backup and restore requirements.
  - Restoring critical HCL VersionVault data
    If you have implemented a sound backup strategy for HCL VersionVault data, it should be easy to restore that data, if necessary.
  - Periodic maintenance
    Periodic attention to storage management and repository integrity is an important administrative function. These topics describe VOB and view storage management tasks, the checkvob utility, and the HCL VersionVault scheduler, which you can use to automate many periodic maintenance chores.
  - Importing data
    HCL VersionVault includes several utilities for importing data from other configuration management systems or directly from the file system itself.
  - Troubleshooting
    These topics cover a variety of procedures that administrators might need to follow to find and fix problems.
  - Improving client host performance
  - Improving VOB host performance
  - Configuring cross-platform file-system access
  - HCL VersionVault and Windows® domains
  - Configuring non-VersionVault access on Linux® or the UNIX system
    You can configure an HCL VersionVault host running Linux® or the UNIX system to support access to VOBs and dynamic views from computers that do not run HCL VersionVault.
  - Configuring HCL VersionVault for high availability
  - Estimating VOB size
    If you can estimate the number of elements, versions, and derived objects that a VOB will ultimately contain, you can compute a very rough estimate of the size of a VOB that can accommodate them. VOB storage includes a database and pools. On Windows®, the database and pools must reside on a single disk partition. On Linux® or the UNIX system, the pools can be located on a different partition or host, using symbolic links.
  - Administering the VersionVault WAN server
  - About VersionVault WAN server parallel view loading
  - Administering and using CMI task-provider integrations
    HCL VersionVault supports integrations with task providers such as HCL Compass through the Change Management Interface (CMI). The integrations require some configuration tasks, after which you can work with UCM activities or base VersionVault branches that are associated with the tasks.
- Administering platforms for HCL VersionVault
  Learn how to perform HCL VersionVault administrative tasks on supported platforms.
- Administering HCL VersionVault MultiSite
  Learn to configure and manage the HCL VersionVault MultiSite environment to support development activities at different locations.

Effective ACLs

When HCL VersionVault enforces access controls in a VOB, it uses an effective ACL for each metatype.

The effective ACL is computed by combining the rolemap and its policy, substituting the role mappings in the rolemap for the role in the policy's ACEs. The net result is an ACL that has no indirect principals and is easy to interpret during an access check.

For example, when this policy

[vob]
user:DOMAIN/backup read
Role:Manager read
Role:Developer read
Role:Integrator read
Role:Administrator Full
[element]
user:DOMAIN/backup read
Role:Manager read
Role:Developer change
Role:Integrator change

is combined with this rolemap

Role:Reader --> Group:DOMAIN/developers
Role:Manager --> Group:DOMAIN/mgrs
Role:Developer --> User:DOMAIN/danny
Role:Integrator --> Group:DOMAIN/integs
Role:Developer --> Group:DOMAIN/devs
Role:Administrator --> User:DOMAIN/vobadmin

resulting effective ACLs for the VOB are

User:DOMAIN/backup read
Group:DOMAIN/mgrs read
User:DOMAIN/danny read
Group:DOMAIN/devs read
Group:DOMAIN/integs read
User:DOMAIN/vobadmin Full

and the effective ACLs for elements are

User:DOMAIN/backup read
Group:DOMAIN/mgrs read
User:DOMAIN/danny change
Group:DOMAIN/devs change
Group:DOMAIN/integs change

You can display the effective ACL of an object using cleartool describe -eacl object-selector.

Have feedback?
Google Analytics is used to store comments and ratings. To provide a comment or rating for a topic, click Accept All Cookies or Allow All in Cookie Preferences in the footer of this page.