Edit policy view

Use this VersionVault Explorer view to modify an existing policy.

Controls in the dialog box

The following controls appear in the dialog box:

Control name Control description
Edit Policy: <policy_name> Displays the currently selected policy you are editing.
Save Click to save your changes when you are finished.
Principals In a policy or a rolemap, you specify one or more principals. The following kinds of principals are supported: User, Group, Role (granted permission in a policy, mapped to other principal kinds in a rolemap), Everyone, Owner-user, Owner-group. For users and groups, we allow identities from the VOB server's domain only: you cannot specify a user or group from another domain. Group principals can be any group defined by the operating system of the VOB server; they are not limited to VOB's primary and supplementary groups. The Owner-User and Owner-Group principal kinds are interpreted relative to the controlled object. For example, if the effective ACL from the rolemap attached to an element grants Owner-Group some permission, then accounts with membership in the element's group are granted that permission.
Note: You can also rename a principal, copy a principal, or remove a principal by right-clicking on the principal name and selecting an option from the context menu.
Rolemaps implementing this policy Click to invoke the Show Rolemaps dialog box which you can use to view or open rolemaps that implement the currently selected policy.
Add Principal Click to add a new principal. After clicking this option, select a principal kind from the option list in the Principal box. These options include: User, Group, Everyone, Owner-User, Owner-Group, and Role. If you select the User or Group option, enter a name for the new User or Group in the adjacent text box and click this option again. After adding a principal, specify permissions for the new principal.
Permissions When the Edit permissions for selected principal(s) option is selected, this section contains the possible permissions for the currently selected principal. You can specify permissions for four resource types: VOB, Element, Policy, and Rolemap. You can grant a principal generic permissions or individual permissions or a combination of both. The generic permissions include Read, Change, and Full. You can think of these as levels of permission, with Change incorporating all of Read and adding in additional permitted operations, and Full enabling yet more operations. The individual permissions are listed below. When the Show a summary of permissions by resource type option is selected, this section contains a listing of the currently specified permissions for selected principal according to resource types.
AclRead Permission to read the dbid of the object's rolemap.
read-name Permission to read name of an object.
read-info Permission to read properties of an object.
mod-props Permission to modify properties of an object (owner, group, fstat permission, event record, and so on.)
mod-hlink Permission to change a hyperlink object.
mod-attr Permission to change an object’s attributes.
chmaster Permission to change mastership of the object.
mkrolemap Permission to create a rolemap.
rmelem Permission to remove a VersionVault source control element and its version history.
lock Permission to lock an object.
Delete Permission to remove an object.
mkpolicy Permission to create a policy.
AclWrite Permission to reprotect the object with a new rolemap.
Edit permissions for selected principals Select this option to view or modify the specified permissions for the currently selected principal.
Show a summary of permissions by resource type Select this option to view the currently specified permissions for the selected principal according to resource type. The resource types are VOB, Element, Policy, and Rolemap.