
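I'm not sure whether this approach will work. Please help me review it. Please improve it and explain your reasons so that everyone can learn from it. Thanks.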

This passage just doesn't read smoothly, however I look at it:

A Practical Solution for ClearCase Access Control

1 Introduction

To my experience, things like security or access control have never been an easy task in today’s software development. Not about the technology, but more about the business requirements. Most of time, it turns up as a long dragged task.

In particular, access control in ClearCase has been such a vague area to me in the first place, maybe just because there are too many facilities available. Or maybe there is no user management system in ClearCase itself.

This article discusses some ClearCase build-in security features such as users and groups, locks, UCM policies and customer build triggers. We also discuss some other features such as PVOB and region which are not initially designed for access control. Because a proper design on PVOB and region can also improve the security of our ClearCase implementation. Using a combination of different set of facilities, this article proposed some practical solutions for ClearCase access control.

To simplify the discussion, this article assumes the ClearCase VOB server and VOB storages are located in a UNIX (AIX) server and most of ClearCase clients are with Windows XP. We also focus on ClearCase UCM implementations rather than base ClearCase.

Replies, comments and Discussions:

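    • I don't know your field, so I can't give specific suggestions. But technical articles like this are generally written in a fairly objective tone; don't use so many subjective statements.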
      • Good point. Let me axe all these craps. Just for discussion, I do have something like that before. The reason is I always write something which I think it's purely my idea.
        I have one that starts like this:
        Three years ago, I spent about one month to integrate VisualAge® for Java V3.5 with IBM® Rational® ClearCase® as well as a complete solution to build, deploy and test a J2EE project with Apache® Ant. Today I find I need to spend an equivalent amount of time to figure out all this with the new tool, WebSphere® Studio Application Developer V5.1 (hereafter called WSAD).

        Another one starts like this:
        Rational Robot Automation Framework Support (RRAFS), initially developed by Carl Nagle for the SAS Institute, is one of the most popular data/keyword-driven test automation frameworks available today. Having done a few small test automation projects and a lot of online reading, we adopted RRAFS just before starting a large testing project. We knew that with the additional layer of abstraction it offers, it brings test automation within reach for testers who aren't programmers and thus was perfect for our team of nontechnical testers. Still, it took us a few weeks to really become productive with RRAFS. One of the reasons is that because it's still new, it lacks a user guide, samples, and other resources. This article will fill the gap to help you get started with the framework quickly and apply it to testing Web applications. You can visit the main support site for RRAFS for more information.
    • just for your entertainment
      A Practical Solution to ClearCase Access Control

      1 Introduction

      Security and access control have always been among the most difficult issues in contemporary software development. The difficulty lays in business requirements rather than the techniques. If not dealt with carefully, security control can be a long and exhausting task. Specifically, access control in ClearCase is very complicate, partially because there are too many facilities available but ClearCase provides no user management system.

      This article discusses some of ClearCase’s build-in security features, such as users and groups, locks, UCM policies, and customer build triggers. In addition, it discusses other features that are not initially designed for access control, such as PVOB and region, because a proper design of PVOB and region can enhance the security of ClearCase implementation. Using a combination of different sets of facilities, this article proposes some practical solutions to ClearCase access control.

      Through the article, the author assumes that the ClearCase VOB server and VOB storages are located in a UNIX (AIX) server and most clients have Windows XP operating system. Also, the author focuses on ClearCase UCM implementation, rather than base ClearCase.
      • Oh, man, your English is perfect. I just axed it as follows, but now I really don't know if I should keep it.
        1 Introduction
        This article discusses some ClearCase build-in security features such as users and groups, locks, UCM policies and customer build triggers, plus some other helping facilities such as PVOB and region which are not initially designed for access control. With a proper design and a combination of different set of facilities, this article proposed some practical solutions for ClearCase access control.

        To simplify the discussion, this article assumes the ClearCase VOB server and VOB storages are located in a UNIX (AIX) server and most of ClearCase clients are with Windows XP. We also focus on ClearCase UCM implementations rather than base ClearCase.
    • Combining you two guys' advice, here is the final one. Thanks a lot.
      This article discusses some of ClearCase build-in security features, such as users and groups, locks, UCM policies, and customer build triggers. In addition, it discusses other features that are not initially designed for access control, such as PVOB and region, because a proper design of PVOB and region can enhance the security of ClearCase implementation. Using a combination of different sets of facilities, this article proposes some practical solutions to ClearCase access control.

      Through the article, the author assumes that the ClearCase VOB server and VOB storages are located in a UNIX (AIX) server and most clients have Windows XP operating system. Also, the author focuses on ClearCase UCM implementation, rather than base ClearCase.
    • Very good start. Here is the second section. I believe I can learn a lot from you guys. My English is always a pain in my ass.
      2 Business Requirements
      There are two possible categories of requirements usually push you into the areas of access control in ClearCase, to maintain the system integrity and to facilitate certain software process. In the first category, we want to prevent normal users from doing anything to harm the system, while in the second category we want to allow certain users to have some special rights to drive a certain workflow.
      2.1 Facilitating access controls
      2.1.1 Priority users
      In this case, only certain users can do certain critical tasks in ClearCase. For example, you would like to allow only ClearCase administrators or experienced integrators to change the basic UCM project and stream configurations.
      2.1.2 Restricted areas
      Organizations such as banks normally have higher security requirements for the source controls system. It’s common to have such a requirement that some projects don’t want anyone else other than the project team members to peek into their projects. Here we called this situation as zero-visibility. Means other projects even don’t knows there is such a high secured project existing in ClearCase.
      2.1.3 Read-only access
      For most of other projects, we want to allow the project team members only to have the right to modify their code, but still give read-only right to others. We hereby called this as read-only access. Means you can see what they have but have no right to change anything there.

      There is a good reason to give out the read-only to other projects. In today’s software development, component based and architecture oriented design approach are very common in a lot of large organization such as banks. Most of projects are relying on other project teams’ deliveries, components and sub-systems, which represented as components in ClearCase.
    • Section 2.2
      2.2 Implementing processes
      As a SCM tool, ClearCase plays a very important role in software development lifecycle from beginning to the end. Since most of artifacts are version controlled in ClearCase, who can access to certain resources becomes an integral part of many processes. These processes can be a team integration process, or an official build and release process.

      For example, we are currently having such a build process in our J2EE development:
      1. Any project has code exposed to others will have to put their code in a _Interfaces_src component.
      2. A build script will build this component, create a new jar and store it in /bin directory.
      3. A new baseline will be created on this component and promotion level will be changed.

      To facilitate such a process, some access controls is required:
      1. Nobody else except the “build” id can create a new baseline on this project’s integration stream.
      2. Nobody else except the “build” id can change the baseline promotion level.