The Security/ACL Subtab

The ACL subtab of the Security tab displays the repository's set of access control list (ACL) entries, also called permissions. Each stream and depot in the repository can have any number of permissions. Note: For this command, "stream" can be a dynamic stream, a workspace stream, or a snapshot.

Each permission controls the ability of a particular user, or a particular set of users, to access that stream or depot.

In this topic:

Opening a Security/ACL Subtab

Choose Admin > Security from the GUI main menu to display the Security tab. Then, click the ACL subtab.

Back to top

Security/ACL Subtab Layout

The table in the ACL subtab includes these columns:

Type	The type of resource to which the permission applies: Stream or Depot.
Resource	The name of the stream or depot to which the permission applies. The permission also applies to (is inherited by) the entire subhierarchy below that resource, but it can be overridden at a lower level. Note: Because permissions are inherited down a depot's stream hierarchy, a permission on a depot is almost equivalent to one on the depot's base stream. The only difference is that a depot permission also affects access to the depot's issues.
Applies To	The user or set of users to which the permission applies: all users with passwords (identified as "authuser" in the AccuRev CLI), all users without passwords ("anyuser" in the CLI), a particular user, or a particular group.
Rights	all: the user(s) can access the resource. none: the user(s) cannot access the resource.
Inheritable	Depot permission: yes: the permission applies to the depot, and also to the depot's entire stream hierarchy. no: the permission applies only to the depot, not to any of the depot's version-controlled elements. Stream permission: yes: the permission applies to the entire subhierarchy below the stream in the Resource column. no: the permission applies only to the stream in the Resource column, not to any lower-level stream.

Back to top

How Individual Commands Use the ACL

The following commands check ACL entries on one or more dynamic streams, workspace streams, or snapshots before proceeding. In the following, 'stream' can be a dynamic stream, workspace stream, or snapshot. If a version is being accessed from stream A, and that version is cross-linked to stream B, AccuRev checks the ACL permissions on stream A only, not on stream B.

• Anchor, Defunct, Populate, Revert to Basis, Revert to Most Recent Version, Update and File Browser searches check the current workspace.
• Annotate, View, and Send to Workspace check the stream of the version being accessed. Send to Workspace also checks the current workspace.
• Promote checks the stream to which the version(s) are being promoted.
• Include from Stream and Clear Rule check both streams involved in the cross-link.
• The various Diff Against ... commands check the streams of both versions being compared.
• Merge checks the workspace/stream in which you're doing the merge, as well as any stream explicitly mentioned on the command line.
• Remove and Reactivate stream check the stream being changed.
• New Workspace, New Stream, and New Snapshot check the specified backing stream for the workspace/stream/snapshot being created.
• Change Stream checks the stream being changed (and, if appropriate, its new backing stream).
• View Streams checks the depot.
• In a Stream Browser tab, Show History checks the selected stream. In a Depots tab, Show History checks the selected depot.

Back to top

Conflicting Permissions

Two or more permissions on a resource can apply to the same user, or to the same stream. In such cases, an all permission overrides one or more none permissions. This makes it easy to implement "all but" access controls.

Example 1: "all but" at the user level

The permissions shown here prevent everyone in the Cupertino group — except for users charlie and jalan — from accessing stream velo.

Example 2: "all but" at the stream level

The permissions shown here restrict the Lowell group to working in the maint stream subhierarchy. Members of this group cannot work with other streams in the velo depot.

Back to top

Working in a Security/Access-Control Subtab

Use the following commands to maintain the set of permissions in the repository's access control list.

Add ACL Entry Change ACL Entry

The same dialog enables you to create a new ACL permission, or to modify an existing one. Resource: Select one of the repository's depots from the Depot listbox. If you want the permission to apply to the depot itself, leave the Set Permission for Stream checkbox cleared. If you want the permission to apply to one of the depot's stream, check the Set Permission for Stream checkbox, and choose a stream from the Stream listbox. If you want the permission to apply to the entire subhierarchy below the specified stream, check the Inheritable checkbox. Security Group: Use the radio buttons (and listboxes) to specify an individual user or a single group to which the permission will apply. (You can't specify multiple users or groups, but you can produce the same effect by creating multiple permissions on the same resource.) Permission: Select all or none from the listbox.

Remove ACL Entry

Deletes the selected entries from the access control list.

Back to top