Branch Visibility

Hi all,

We have requirement in which, a branch should be accessible only to a Unix group. This branch should not be visible to anyone else apart from that group.

We set the branch security "On" and gave the branch permissions as 770. But even in this case, Master role is still able to view the contents inside the branch. Is there a way to restrict this access.

We are using TS 6.5 SP3/Solaris 8

Regards,
Pratheesh

Find more posts tagged with

Comments

kaalraa

Hi all,

We have requirement in which, a branch should be accessible only to a Unix group. This branch should not be visible to anyone else apart from that group.

We set the branch security "On" and gave the branch permissions as 770. But even in this case, Master role is still able to view the contents inside the branch. Is there a way to restrict this access.

We are using TS 6.5 SP3/Solaris 8

Regards,
Pratheesh

Could you please provide the values of both as per your iw.cfg file?

branch_security=off
workarea_security=off

Pratheesh

Below are the entries from iw.cfg

branch_security=true
workarea_security=true

Adam Stoller

Hi all,

We have requirement in which, a branch should be accessible only to a Unix group. This branch should not be visible to anyone else apart from that group.

We set the branch security "On" and gave the branch permissions as 770. But even in this case, Master role is still able to view the contents inside the branch. Is there a way to restrict this access.

We are using TS 6.5 SP3/Solaris 8

Regards,
Pratheesh

A Master is a Master - and as such has access to all branches and workareas - though they might not have access to modify the contents of directories within the workarea if prohibited from doing so at the OS level.

If you don't trust your Masters (and there should be very few of them) - then you probably need a different Master. It's similar to people who have root access on the server - if you don't trust them to be reasonable people, you shouldn't give them root access.

Pratheesh

Hi Ghoti,

I understand you point, however the client is not accepting this explanation.

The issue is that there are some critical customer information available in this branch and the client didn't want anyone else to have access to this branch, eventhough he is a Master.

Anyway, thanks for your information. We will see if there is any other work around for this requirement.

Regards,
Pratheesh.

Adam Stoller

Hi Ghoti,

I understand you point, however the client is not accepting this explanation.

The issue is that there are some critical customer information available in this branch and the client didn't want anyone else to have access to this branch, eventhough he is a Master.

Anyway, thanks for your information. We will see if there is any other work around for this requirement.

Regards,
Pratheesh.

To the best of my knowledge - "Master" in TeamSite is analogous to "root" in the OS -- you might be able to use the iwproxy_access_control_enabled setting in iw.cfg to override this behavior, but I'm not sure it will have any effect with regard to Master users. (Search in the TeamSite Administration Guide for more info on iwproxy_access_control_enabled)

Pratheesh

Thanks, I will check that option...

Pratheesh

To the best of my knowledge - "Master" in TeamSite is analogous to "root" in the OS -- you might be able to use the iwproxy_access_control_enabled setting in iw.cfg to override this behavior, but I'm not sure it will have any effect with regard to Master users. (Search in the TeamSite Administration Guide for more info on iwproxy_access_control_enabled)

Tried this.. but no luck.. Still the master role is able to view the branches.

Ambuj

Tried this.. but no luck.. Still the master role is able to view the branches.

I will suggest you to contact IWOV Support. They might have some idea on this or you may raise a feature request with them.