Control Object Access

This article provides the information on varied object access.
cahscm101
This article provides the information on varied object access.
Object Access
You can set varying access permissions for every
CA Harvest SCM
object. Access information is comprised of two parts:
  • Method -- Action that can be taken
  • User group -- Who can perform the action
You can secure some objects through access control: SCM, projects, states, processes, repositories, item paths, items, and form types. Other objects are secured through an object to which they belong. For example, views, packages, and package groups are all secured through the project or state to which they belong.
You use the object properties dialog to grant access to one or more user groups. The access allows members of the groups to perform a particular type of action (method) on the object, for example:
  • At the highest level, access granted to the group Repository Manager allows members to administer repositories.
  • At the process level, access granted to the Developer group Developer allows members to check in and check out files.
Object Access Relationships
Access Category
Object
Based On User Group
Methods
None
None
Administrator
All
Administrative
CA Harvest SCM
Any
Secure SCMAdmin ProjectView ProjectAdmin RepositoryView RepositoryAdmin Form TypeView Form TypeAdmin User/User GroupView User/User Group
Object
Project
Any
ViewUpdateSecureUse
Object
State
 
UpdateUpdate Package
Object
Process
 
Execute
Object
Repository
 
ViewUpdateSecure
Object
Item Path/Item
 
View
Object
Form Type
 
ViewUpdateSecure
You can generate access reports that show the user and user group access in a project (Project Access), and in a repository (Repository Access). The reports use the respective vbscript files ProjAccessRpt.vbs and RepAccessRpt.vbs that are located in CA_SCM_HOME\VB. In these files, initialize the username and password variables with valid admin credentials to generate the reports. (With the installation, the username and password variables are initialized with “harvest”.)
Use the haccess command to generate reports from the command line, or click the Project Access Report or the Repository Access Report icons on the taskbar.
Reports are displayed in table format in the list view.
For more information about the command line (haccess) utility, see the
Reference section.
Access Summary
The following table is a quick reference to the access methods available for each
CA Harvest SCM
object and the actions those methods allow.
Object
Methods
Description
CA Harvest SCM
Secure SCM
Grant access rights to
CA Harvest SCM
objects.
CA Harvest SCM
Admin Project*
Create, delete, view, and set access to projects.
CA Harvest SCM
View Project*
View projects.
CA Harvest SCM
Admin Repository*
Create, delete, view, and set access to repositories.
CA Harvest SCM
View Repository*
View repositories and item/item path properties.
CA Harvest SCM
Admin Form Type
Create, delete, view, and set access to form types.
CA Harvest SCM
View Form Type
View form types.
CA Harvest SCM
Admin User/User Group
Create, delete, edit, and view users and user groups.
CA Harvest SCM
View User/User Group
View users and user groups.
Project
View*
View project and lifecycle, view views, and view packages, package groups, and review requests.
Project
Update*
Edit project, edit, and view lifecycle (states and processes), maintain baseline.
Project
Secure
Grant access rights to project.
Project
Use
View project and lifecycle (states and processes), view views and view packages, view package groups, view review requests, create package groups, create, delete, and update review requests, execute processes (not a sufficient but a necessary requirement for process execution).
State
Update*
Create, edit, delete, and view states and processes.
State
Update Package
Edit packages and forms associated with packages.
Process
Execute
Execute processes.
Repository
View*
View repository, its attributes, its items and item paths.
Repository
Update*
Edit and view repositories, and edit, delete, set view access to items and item paths globally and permanently (Administrator application).
Repository
Secure
Grant access rights to repository.
Item Path/Item
View*
View item or item path.
Form Type
View
View form type.
Form Type
Update
View and modify the properties of a form type.
Note
: Form type modifications are written to files on the local file system. The installation-wide update of a form type is done outside
CA Harvest SCM
. Therefore,
CA Harvest SCM
does not currently require the user to have Update Form Type access to modify form type properties.
Form Type
Secure
Grant access rights to a form type.
*Option is provided to cascade to the aggregate object access control.
Access Hierarchy Summary
SCM-Level
Object-Level
ADMIN PROJECT
is equivalent to UPDATE ACCESS all Projects
ADMIN REPOSITORY
is equivalent to UPDATE ACCESS all Repositories
VIEW PROJECT
is equivalent to VIEW ACCESS all Projects
VIEW REPOSITORY
is equivalent to VIEW ACCESS all Repositories
VIEW FORM TYPE
is equivalent to VIEW ACCESS all Form Types
The following list shows the hierarchical nature of the
CA Harvest SCM
access control system. For example, the line Admin Project shows that Admin Project is higher in the hierarchy than View Project access. Therefore, a user group with Admin Project access implicitly has View Project access.
Admin Project is higher than View Project at the highest level.
Admin Repository is higher than View Repository at the highest level.
Admin User/ Group is higher than View User Group.
Admin Form Type is higher than View Form Type at the highest level.
Update Project is higher than View Project at the project level.
Update Repository is higher than View Repository at the repository level.
Update Project is higher than Update Access at the state level.
Update Project is higher than Update Package at the state level.
Administrator Access Summary
CA Harvest SCM
Administrator access is summarized as follows:
ADMINISTRATOR=SECURE SCM+ADMIN PROJECT+ADMIN REPOSITORY+ADMIN USER/GROUP+ADMIN FORM TYPE