ClearCase Support: Recommended VOB Permissions
ClearCase VOB permissions with UNIX groups have always a bit mysterious to most users, so I have decided to write what I recommend ClearCase VOB permissions to be.
First, start off by creating a single UNIX group that _ALL_ users will have as their primary group. Letís call this group as the DEFAULT group. Next, set this DEFAULT group as the primary group for all users on UNIX, Linux, and Windows accounts. Third, set all VOBs (that are not secure) to this group and no other group at this time. Finally, in a View, go to each of the VOBs and change all the elementsí permissions to 777 and in this group.
Thatís it for regular VOBs that you want all users to have access to.
For secure VOBs, create a unique group or groups for these secure VOBs. Change the primary group of these VOBs to this new secure group that you just created. The VOBs secondary group must be the DEFAULT group. Next, change the root directory of the VOB to be in the new secure group and have permissions exactly 770. That means only people in this secure group can access this VOB. All other elements in the VOB should be set to the DEFAULT group and 777 permissions. Finally, add your users to these new secure groups as secondary groups on all usersí accounts for each operating system.
While there are other schemes for setting up ClearCase VOB permissions and their groups, I think I have found what is most optimal to be defined in the paragraphs above. Of course, that means each VOB has only one secure group, which is strongly recommended. Otherwise, if you have different sub-directories with different permissions throughout the VOBs, then they could be easily changed without anyone noticing or remembering that they are different for a good reason.
by Phil B.