abhiravk Posted May 31, 2013 Report Share Posted May 31, 2013 Hi, We are evaluating PlasticSCM to be used in one of our project. After setting respositories we went ahead to tinker with ACL/Permissions, however they are working as expected. We have created 2 groups - administrators & users At repository server level, administrators group has all the permission enabled and 'ALL USERS' has only 'view' & 'read' permission enabled. We have created 2 top level branches. cm find branch on repositories \'rep:main@localhost:8087\' /main /subcontractor Permissions on these 2 branches are as follows, cm sa br:/main ACL: 1 User Permission Allowed Denied InheritedFrom administratorsadvancedquery Yes repserver:foo:8087 administratorsall Yes repserver:foo:8087 administratorsapplyattr Yes repserver:foo:8087 administratorsapplylabel Yes repserver:foo:8087 administratorsapplylink Yes repserver:foo:8087 administratorschangecomment Yes repserver:foo:8087 administratorschgowner Yes repserver:foo:8087 administratorschgperm Yes repserver:foo:8087 administratorsci Yes repserver:foo:8087 administratorsco Yes repserver:foo:8087 administratorsmergefrom Yes repserver:foo:8087 administratorsmkaction Yes repserver:foo:8087 administratorsmkattr Yes repserver:foo:8087 administratorsmkbranch Yes repserver:foo:8087 administratorsmkchildbranch Yes repserver:foo:8087 administratorsmkitem Yes repserver:foo:8087 administratorsmklabel Yes repserver:foo:8087 administratorsmklink Yes repserver:foo:8087 administratorsmkrepository Yes repserver:foo:8087 administratorsmkrevision Yes repserver:foo:8087 administratorsobliterate Yes repserver:foo:8087 administratorsread Yes repserver:foo:8087 administratorsrename Yes repserver:foo:8087 administratorsreplicate Yes repserver:foo:8087 administratorsrm Yes repserver:foo:8087 administratorsunco Yes repserver:foo:8087 administratorsview Yes repserver:foo:8087 ALL USERS read Yes repserver:foo:8087 ALL USERS view Yes repserver:foo:8087 users co Yes -- users read Yes -- users unco Yes -- users view Yes -- cm sa br:/subcontractor/handson administratorsadvancedquery Yes repserver:foo:8087 administratorsall Yes repserver:foo:8087 administratorsapplyattr Yes repserver:foo:8087 administratorsapplylabel Yes repserver:foo:8087 administratorsapplylink Yes repserver:foo:8087 administratorschangecomment Yes repserver:foo:8087 administratorschgowner Yes repserver:foo:8087 administratorschgperm Yes repserver:foo:8087 administratorsci Yes repserver:foo:8087 administratorsco Yes repserver:foo:8087 administratorsmergefrom Yes repserver:foo:8087 administratorsmkaction Yes repserver:foo:8087 administratorsmkattr Yes repserver:foo:8087 administratorsmkbranch Yes repserver:foo:8087 administratorsmkchildbranch Yes repserver:foo:8087 administratorsmkitem Yes repserver:foo:8087 administratorsmklabel Yes repserver:foo:8087 administratorsmklink Yes repserver:foo:8087 administratorsmkrepository Yes repserver:foo:8087 administratorsmkrevision Yes repserver:foo:8087 administratorsobliterate Yes repserver:foo:8087 administratorsread Yes repserver:foo:8087 administratorsrename Yes repserver:foo:8087 administratorsreplicate Yes repserver:foo:8087 administratorsrm Yes repserver:foo:8087 administratorsunco Yes repserver:foo:8087 administratorsview Yes repserver:foo:8087 ALL USERS read Yes repserver:foo:8087 ALL USERS view Yes repserver:foo:8087 users applylabel Yes -- users ci Yes -- users co Yes -- users mergefrom Yes -- users mkaction Yes -- users mkchildbranch Yes -- users mkitem Yes -- users mkrevision Yes -- users read Yes -- users unco Yes -- users view Yes -- With all these permissions set, members of users group can't checkin or mergefrom this branch(br:/subcontractor/handson) I am getting the following message in the server log, 2013-05-31 17:06:10,684 00000000-0000-0000-0000-000000000000 plasticscm at raman-VirtualBox WARN Security - Access denied. Object id:687@rep:6. SEID rama n. Permissions mergefrom 2013-05-31 17:06:10,684 00000000-0000-0000-0000-000000000000 plasticscm at raman-VirtualBox ERROR Operations - Plastic server version: 4.1.10.443 2013-05-31 17:06:10,684 00000000-0000-0000-0000-000000000000 plasticscm at raman-VirtualBox ERROR Operations - OnError catching exception You don't have p ermissions for operation mergefrom. Am I missing something obivious here? My plasticSCM server is setup on Ubuntu 12.10 box. BTW, for experimenting I tried the same thing on another Plastic Server which was setup on windows, it is working fine. Link to comment Share on other sites More sharing options...
manu Posted May 31, 2013 Report Share Posted May 31, 2013 Hi abhiravk! Thanks for the detailed information. I've been testing the scenario and you are right, the operation is cancelled. The explanation is simple, the scenario is not handled/supported by Plastic SCM 4.1. The great thing is that the Plastic SCM 4.2 is having the new security system available. I tested the same scenario under Plastic SCM 4.2 and works like a charm. My recommendation is the following, jump to Plastic SCM 4.2 and give it a try. We are working to have a new security guide but it's not available yet, on the other hand the new security system is much easier then the one you are currently using, and more powerful! Of course if you have any question you can ask us. Link to comment Share on other sites More sharing options...
abhiravk Posted June 3, 2013 Author Report Share Posted June 3, 2013 Thanks for the information. I would like to point out that the same scenario is working on windows server so I hope there is nothing wrong with the scenario. Never-the-less, I'll try 4.2 and update you about the status. Link to comment Share on other sites More sharing options...
abhiravk Posted June 3, 2013 Author Report Share Posted June 3, 2013 Hi Manu, I upgraded my server to 4.2 but same issue is still there. 2013-06-03 19:39:04,598 00000000-0000-0000-0000-000000000000 plasticscm at raman-VirtualBox WARN Security - Access denied. Object path:/open_clovis/OP9500/src/app/hal/packet/src/packet_thread.c. SEID raman. Permissions change, ci 2013-06-03 19:39:04,599 00000000-0000-0000-0000-000000000000 plasticscm at raman-VirtualBox ERROR Operations - Plastic server version: 4.2.31.441 2013-06-03 19:39:04,599 00000000-0000-0000-0000-000000000000 plasticscm at raman-VirtualBox ERROR Operations - OnError catching exception You don't have change, ci permission on /open_clovis/OP9500/src/app/hal/packet/src/packet_thread.c. 2013-06-03 19:39:04,600 plasticscm at ERROR Codice.CM.Server.ExceptionTracerSink - Dumping in-transit exception:You don't have change, ci permission on /open_clovis/OP9500/src/app/hal/packet/src/packet_thread.c. Link to comment Share on other sites More sharing options...
manu Posted June 3, 2013 Report Share Posted June 3, 2013 Quite strange, let us test the scenario again. Sorry for the inconveniences. Link to comment Share on other sites More sharing options...
manu Posted June 3, 2013 Report Share Posted June 3, 2013 Hi again, I didn't read the full message properly. This new error is different. It seems that the permission is restricted for the "/open_clovis/OP9500/src/app/hal/packet/src/packet_thread.c" file. Can you review the path permissions for that item? I can get connected with you in order to reiew the issue. Best regards. Link to comment Share on other sites More sharing options...
abhiravk Posted June 3, 2013 Author Report Share Posted June 3, 2013 Hi, I can share my PC using TeamViewer. Do let me know if it is fine with you. Also let me know your availability(time). I am in India so we need to consider the time difference as well. Link to comment Share on other sites More sharing options...
manu Posted June 3, 2013 Report Share Posted June 3, 2013 Ok, I can send you a GoToMeting link. Is it fine for you at 15:00hrs (IST time)? Link to comment Share on other sites More sharing options...
abhiravk Posted June 3, 2013 Author Report Share Posted June 3, 2013 15:00 hrs is ok with me. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.