Server-level access rights

The server-level access rights you assign to users and groups authorize them to perform specific operations in a particular server configuration.

Understanding server-level access rights

Server-level access rights allow users to perform server administration operations, such as modifying server configurations and viewing logs. Additional rights at the server level include the rights to create projects, create custom fields, control component-level access rights, and perform certain operations specific to the Notification Agent.

The server-level rights you assign to users and groups authorize them to perform specific operations in a particular server configuration. One of the options determines who can and who cannot create projects when the server configuration is running.

Note: Server-level access rights can be assigned only when a server is running.

By default, the Administrators group is assigned all project and server rights. By default, the All Users group has the rights to create projects and review the server configuration and the server log.

Initially, any user who can see a project, view, folder, or item can set the access rights for it. However, project-level, view-level, folder-level, and even item-level rights function hierarchically and may be affected by group privileges.

As users log onto a server configuration, they are identified by their user names and as members of the groups to which they belong. This information is stored as an access token for each user. When users perform operations on objects (projects, views, folders, and items), the client examines these tokens and the access rights for the objects on which the users are performing the operations.

Back to top

Server access rights and operations

The following section lists the common server access rights and the associated operations.

Server operations

View server log

Review, but not change, server log information.

View statistics and licensing information

Review, but not change, statistics information (StarTeam Server 5.4 and earlier). Create license usage files.

View system configuration

Review, but not change, the server configuration options.

Modify system configuration

Change the server configuration options.

Remotely administer server

Lock/unlock the server, restart the server from the client, shut down the StarTeam Server from the client, access the Start/Stop Conversion and Hive Manager vault buttons.

Administer user accounts

Add groups and users.

View system policy

Review, but not change, the password and logon failure options for the server configuration.

Modify system policy

Change the password and logon failure options for the server configuration.

Change server security settings

Set Server access rights. If you change this setting, be sure that you remain one of the users who can change access rights.

View security log

Review, but not change, server log information

StarDisk operations

Create new users

Add new users to sample project.

Replication support

Change user/operation time

Manipulate creation times and user names when using special clients, such as StarTeam Notification Agent.

Project operations

Create projects

Create projects when the Server is running the server configuration.

Customizations

Add/modify database schema

Create customized fields as item properties, or modify a field for an item that can be modified.

Component operations

Administer component-level access rights

Designate the users and groups who can create and apply filters and queries for a specific component in the server configuration.

Back to top

Setting server-level access rights

One of the options determines who can and who cannot create projects when the server configuration is running.

Note: You can assign server access rights only when a server configuration is running.

  1. Open the Server Administration tool and select the server configuration.
  2. Click the Accounts bar and then click (Access Rights ). The Access Rights dialog box opens.
  3. Click New. The Add a User or Group dialog box opens.
  4. Select the user or group to be assigned access rights.
  5. Check Grant, and click OK.

    Caution: Never check Deny unless you are creating an exception.

  6. Select a user or group from the User and Groups list. This enables the various check boxes in the Access Rights dialog box. You can select or clear the appropriate check boxes as needed. If you cannot view the entire Access Rights dialog box, resize the Server Administration tool window.

    Click Select All and Clear All as necessary to speedily check or clear all of the check boxes in the Access Rights dialog box.

    Caution: Clicking Delete under the Users and Groups list removes the selected user or group from the list. As a result, the user or group loses any previously set access rights to the server.

  7. Click OK.

Back to top