ACL enforcement and enablement for VOBs and VOB objects

Review information about ACL enforcement and enablement and supporting clients and servers in mixed version environments.

ACL enablement

In VersionVault 2.0.0.0 and later, ACL authorization is supported only for VOBs formatted with schema version 80 at feature level 8 or higher. ACL enablement requirements are different for VOBs created at schema 54 or at lower feature levels.

New VersionVault 2.0.0.0 and later VOBs
VOBs created with VersionVault version 2.0.0.0 and later are at schema 81 feature level 9 with ACLs enabled by default. After ACLs are enabled, the VersionVault VOB can be used only with clients and servers that support feature level 8 or higher.

If your VersionVault 2.0.0.0 and later deployment requires a new VOB at feature level 8 that supports clients able to support only up to feature level 7, create the VOB at feature level 7. Then, raise the feature level to level 8. Do not enable ACLs for the VOB.

Existing VersionVault VOBs upgraded to 2.0.0.0 and later
When you upgrade to VersionVault 2.0.0.0 and later, existing VOBs can be raised to feature level 8. However, if you want to enable feature level 8 ACLs on the VOB, you must enable ACLs explicitly by using the cleartool protectvob -enable_acls command.

If you encounter errors during the VOB protection operation, run the cleartool vob-sidwalk command to fix the underlying cause. Then, repair the container protection. Run the command as a VersionVault privileged user.

ACL enforcement

  • Before ACLs on VersionVault VOBs and VOB objects can be enforced, the VOB must be at feature level 8 with ACLs enabled.
  • ACLs are always enforced on rolemaps and policies, regardless of the enforcement setting for other metatypes.
  • After a VOB starts enforcing ACLs, you cannot disable ACLs and go back to the previous protection model.

Operating in mixed version environments

VersionVault version 2.0.0.0 and later supports schema version 54, feature level 7 VOBs.

Clients that support only up to feature level 6 can access version 2.0.0.0 and later servers if the servers are not configured for ACL enforcement.

VOBs created with VersionVault version 2.0.0.0 and later are not compatible with clients that support only up to feature level 7. The default protection of a new VOB at feature level 9 is to enable ACL enforcement and reject clients that support only up to feature level 7. If your deployment requires a new VOB at feature level 8 that supports feature level 7 or lower clients, create the VOB at feature level 7. Then, raise it to feature level 8. Do not enable ACLs for the VOB.

Controlling client access to VOBs
You can set the minimum client feature level that is allowed to access a VOB with the cleartool protectvob -min_client_flevel command. The following table shows minimum client feature level values and the server access that is granted at each level.

Table 1. Minimum client feature level values to control access to VOBs

| Minimum client feature level | Server access |
|---|---|
| 8 | Clients that support feature level 7 or lower are denied access to the VOB even if ACLs are not enforced. |
| 7 | Clients that support feature level 6 or lower can access feature level 8 VOBs when the ACL enforcement setting is less than 8. |
| 5 | Clients that support feature level 4 or lower can access feature level 8 VOBs when the ACL enforcement setting is less than 6. |

Note: The first time that you raise the VOB family feature level above 7, run the cleartool chflevel command on a preserving replica in the VOB family to avoid divergence in the predefined ACL objects and the required repair process.