Creating user groups and project security
About this task
- Click Start > All Programs > > IBM Rational > IBM Rational ClearQuest to open the User Administration tool.
- Click Group Action > Add Group. Choose a name for your group and enter it in the Name field. In the Users field select the user IDs of the members of this group. Click Add to add them to the Member Users field.
- Click OK.
- You may wish to create a one or more groups of users who
will be added to the ALMAdmin record. Repeat steps 2 and 3 to create
each such group. Add the user IDs of users who are permitted to create
projects and create and modify records of the following record types
that span projects:
- Category
- Project
- ResolutionCode
- SecurityPolicy
- Record types whose name includes the suffix Label.
Rational® ClearQuest® ALM requires Security Policies (ALMSecurityPolicy records) to control visibility of records associated with projects. You create Rational ClearQuest user groups to control project record visibility based on your organization's policies on sharing information between projects.- The simplest policy is to allow everyone to have visibility to all projects. Feature Level 7 has a built-in group named Everyone that may be used for this situation. (Feature Level 6 also has the Everyone group, however, pre-7.1 clients do not support using the Everyone group as a SecurityPolicy. For Feature Levels level 5 and 6 databases, you should create a group or set of groups that include all the users in your organization (but do not name this group Everyone or it will conflict with the built-in Everyone group of feature level 6 and 7). These groups can then be added to one ALMSecurityPolicy that then allows access to all members in your organization.)
- More complicated security policies create multiple groups of users that have access to only certain projects. Each project then references the appropriate ALMSecurityPolicy that has those groups as members.
- Create groups for SecurityContext as follows:
- All records that reference a project must reference an SecurityPolicy record.
- An SecurityPolicy record has a name and a reference to a user group.
- The SecurityPolicy name is set on the History tab for all records except records supplied by Rational ClearQuest packages other than the ALM package.
- The user ID of everyone who needs to see and work on records associated with that record's SecurityPolicy must be included in the user group associated with the SecurityPolicy referenced by that record type (such as ALMCategory, ALMProject, ALMPhase, ALMIteration, ALMRole, ALMComment, ALMRequest, ALMTask, ALMActivity, BTBuild and ALMWorkConfiguration record types).