3190 starteam security explained! ron sauers principal architect borland software corporation
TRANSCRIPT
![Page 1: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/1.jpg)
3190StarTeam Security Explained!
Ron SauersPrincipal Architect
Borland Software Corporation
![Page 2: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/2.jpg)
StarTeam Security?
Help prevent unauthorized access to a StarTeam server by requiring strong passwords.
Use an encrypted connection to secure data as it moves across the network.
Grant or deny access to the assets stored in the repository.
![Page 3: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/3.jpg)
StarTeam Security
Security Model
Access Test Algorithm
Myths
A New Model
StarTeam SDK 2005
Best Practices
![Page 4: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/4.jpg)
StarTeam Security Model
![Page 5: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/5.jpg)
StarTeam Security ModelAccess RightsAccess Control ListAccess Control EntryPrivilegesOwnership
![Page 6: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/6.jpg)
Access RightsPermissions that may be granted or denied
to a specific user or group.
Some are generic, and apply to any type of object (e.g., “See an object and its properties”).
Others apply only to objects of a specific type (e.g., “Check in file”).
![Page 7: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/7.jpg)
Access Rights
Permission.
GENERIC_SEE_OBJECT
FILE_CHECKIN
. . .
![Page 8: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/8.jpg)
Access Control ListDescribes how access rights are granted
and denied to users and groups.
An Access Control List (ACL) is a list of Access Control Entries (ACEs).
The order of the ACEs in an ACL is significant.
![Page 9: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/9.jpg)
Access Control List
Java:
ACE: class AclEntry
ACL: AclEntry[]
.NET:
ACE: class ACE
ACL: class ACL
![Page 10: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/10.jpg)
Access Control Entry
![Page 11: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/11.jpg)
ACEs in the SDK// true for a "Grant" ACE; false for a "Deny" ACE. public boolean isGranted(); // The User or Group for which rights are granted or denied. public int getID(); //true if the ID is a Group ID; false if the ID is a User ID. public boolean isGroupID(); // The access rights that are granted or denied to this user // or group, as a bit mask. public int getPermissionFlags();
![Page 12: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/12.jpg)
ACLs and ACEs
![Page 13: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/13.jpg)
Types of ACLs
Object-Level ACL
Container-Level ACL
Component-Level ACL
![Page 14: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/14.jpg)
Object-Level ACL
An ACL that is explicitly assigned to a given object.
You can assign one to the object underlying any Item (File, ChangeRequest, etc.), or to any Project, View, Folder, PromotionState, Filter or Query.
Access rights assigned to an object apply to that object only.
![Page 15: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/15.jpg)
Object-Level ACL
![Page 16: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/16.jpg)
Object-Level ACL
![Page 17: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/17.jpg)
Object-Level ACLs in the SDK
// Returns the object-level ACL assigned to this object, // or null if this object does not have an object-level ACL. AclEntry[] getACL(); // Sets the object-level ACL for this object. public void setACL(AclEntry[] acl);
![Page 18: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/18.jpg)
Container-Level ACL
An ACL that applies to objects of a given Type (e.g., File or ChangeRequest) within a given container (e.g., Folder, View or Project).
ACLs may be assigned at any level of the StarTeam containment hierarchy.
The ACL found closest to a given object in the containment hierarchy is the one that applies to that object.
![Page 19: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/19.jpg)
Container-Level ACL
![Page 20: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/20.jpg)
Object-Level Folder ACL
![Page 21: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/21.jpg)
Container-Level Folder ACL
![Page 22: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/22.jpg)
Container-Level ACLs in the SDK
// Returns the container-level ACL for objects // of the given type, or null if there is no such // container-level ACL.AclEntry[] getContainerLevelACL(String typeName); // Sets the container-level ACL for objects // of the given type.public void setContainerLevelACL( AclEntry[] acl, String typeName);
![Page 23: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/23.jpg)
Component-Level ACL
An ACL that applies to a StarTeam component (e.g., to the Files component or the Change Request component).
Currently supports access rights on Filters and Queries.
![Page 24: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/24.jpg)
Component-Level ACL
![Page 25: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/25.jpg)
Component-Level ACL
![Page 26: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/26.jpg)
Component-Level ACLs in the SDK
// Returns the component-level ACL for this type,// or null if this type has no component-level ACL.AclEntry[] getComponentLevelACL(); // Sets the component-level ACL for this type.public void setComponentLevelACL(AclEntry[] acl);
![Page 27: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/27.jpg)
Group Privileges
Global access rights that are always granted to members of a specific group.
Override other access rights specified for individual objects or containers.
StarTeam Administrators are typically granted special privileges.
![Page 28: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/28.jpg)
Group Privileges
![Page 29: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/29.jpg)
Group Properties Dialog
![Page 30: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/30.jpg)
System Policy Dialog
![Page 31: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/31.jpg)
Group Privileges in the SDK
// Gets privileges granted to members of this group.public int getPermissionsFlags(); // Returns true if members of this group // are granted the given privilege. public boolean hasPermission(int permission); // Grants the given privilege to members of this group.public void addPermission(int permission); // Revokes the given privilege.public void removePermission(int permission);
![Page 32: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/32.jpg)
Ownership
Most StarTeam objects have an owner.
The owner is automatically granted full access rights.
The actual owner of an object is not displayed anywhere in the StarTeam user interface!
![Page 33: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/33.jpg)
System Policy
![Page 34: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/34.jpg)
Security Model
![Page 35: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/35.jpg)
StarTeam Access Test Algorithm
![Page 36: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/36.jpg)
The StarTeam Access Test Algorithm
To determine whether or not user U has access right R for a particular item I of type T …
A. Test Privileges
B. Test Ownership
C. Find the Relevant ACL
D. Test the ACEs in the ACL
![Page 37: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/37.jpg)
Step A: Test Privileges
1. Check the value of the “Ignore group privileges” System Policy option. If this option is set, then skip the group privilege tests.
2. For each group G of which the user U is a member, check to see if G has been assigned the privilege R. If so, then the access test succeeds, and U is granted access.
3. Otherwise, group privileges do not apply. Continue.
![Page 38: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/38.jpg)
Step B: Test Ownership
1. Check the value of the “Ignore object ownership” System Policy option. If this option is set, then skip the ownership tests.
2. If U is the owner of the object referenced by I, then the access test succeeds, and U is granted access.
3. Otherwise, object ownership does not apply. Continue.
![Page 39: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/39.jpg)
Step C: Find the Relevant ACL
Check for an object-level ACL associated with the ObjectID of I. If found, then it is the relevant ACL.
Otherwise, check F, the parent folder of I, for a
container-level ACL for objects of type T. If there is one, then it is the relevant ACL.
Otherwise, search up the folder hierarchy. If F has a parent folder, then repeat step 2 with F = F’, the parent folder of F.
![Page 40: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/40.jpg)
Find the Relevant ACL …
Otherwise, check the View for a container ACL for objects of type T. If there is one, then it is the relevant ACL.
Otherwise, check the Project for a container ACL for objects of type T. If there is one, then it is the relevant ACL.
Otherwise, then there is no relevant ACL. The access test succeeds, and U is granted access.
![Page 41: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/41.jpg)
Step D: Test the ACEs in the ACL
For each ACE in the relevant ACL …– If the ACE does not apply to U, then skip this
ACE. – If the ACE does not specify access right R,
then skip this ACE. – If the ACE is a “Grant” ACE, then the access
test succeeds, and U is granted access. – If the ACE is a “Deny” ACE, then the access
test fails, and U is denied access.
![Page 42: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/42.jpg)
Test the ACEs in the ACL …
If no ACE in the ACL applies to both U and R, then the access test fails, and U is denied access.
![Page 43: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/43.jpg)
StarTeam Security MythsCommon misconceptions regarding
the StarTeam Security Model.
![Page 44: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/44.jpg)
Myth: Access rights can be assigned to an item.
You are actually assigning access rights to the underlying object that is referenced by the item.
Access rights affect not only the selected item, but also any other items in its share tree that have the same ObjectID.
When an item branches, the ObjectID changes!
![Page 45: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/45.jpg)
Myth: If you don't explicitly specify an access right, it is
granted by default.
This is true only in the rare case when there is no relevant ACL.
Be particularly careful when setting access rights via the StarTeam SDK. An empty array and a null ACL are very different.
![Page 46: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/46.jpg)
Myth: If you don't explicitly specify an access right, that
access right is inherited from the parent container.
There is at most one ACL that is relevant in any given context.
There is never any attempt to somehow combine two ACLs when performing an access test.
![Page 47: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/47.jpg)
Myth: You can determine whether a given access right is granted or denied by looking at
the Access Rights dialog.
The Access Rights dialog shows only those access rights that are explicitly specified on the selected object.
![Page 48: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/48.jpg)
A New Look at Access Rights
Is there an alternate model we might
use to help better understand access
rights?
![Page 49: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/49.jpg)
The Effective ACL
Gather all of the information that is relevant to determining the access rights for a given item.
Represent it in a single, self-contained Effective ACL.
Testing the ACEs in the Effective ACL gives the same results as the full access test algorithm.
![Page 50: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/50.jpg)
Explicit and Implied ACEs
Explicit ACE - explicitly stored in an ACL somewhere in the StarTeam repository (from an object-level ACL or container-level ACL).
Implied ACE - represents security-related information that comes from somewhere outside the relevant ACL.
![Page 51: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/51.jpg)
Implied Privilege ACEs
Test Group Privileges:– For each group G of which the user U is a
member, check to see if G has been assigned the privilege R. If so, then the access test succeeds, and U is granted access.
Group privileges are represented in an effective ACL by including an implied ACE for each group that has been granted privileges.
![Page 52: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/52.jpg)
Implied Ownership ACEs
Test object ownership:– If U is the owner of the object
referenced by I, then the access test succeeds, and U is granted access.
Object ownership is represented in an effective ACL by including an implied ACE that grants full access rights to the user who is the owner of the object.
![Page 53: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/53.jpg)
Implied Deny ACEs
When there is a missing ACE in the ACL:– If no ACE in the ACL applies to both U and R,
then the access test fails, and U is denied access.
Access rights are completely specified if there is some explicit ACE in the ACL that either grants or denies every access right to the All Users group.
Add a single implied ACE to the end of the effective ACL that denies the unspecified rights to the All Users group.
![Page 54: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/54.jpg)
Implied Grant ACEs
When there is no relevant ACL:– If no relevant ACL was not found, then
the access test succeeds, and U is granted access.
Add a single implied ACE to the end of the effective ACL that grants all access rights to the All Users group.
![Page 55: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/55.jpg)
An Example
![Page 56: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/56.jpg)
Benefits of Effective ACL Model
All security-related information that is relevant in a given context is collected and summarized.
Rules that are implied by the access test algorithm are made explicit.
It is always possible to explain the results of any access test in terms of the effective ACEs that were determinative.
![Page 57: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/57.jpg)
Benefits of Effective ACL Model
![Page 58: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/58.jpg)
New Features in StarTeam SDK 2005
![Page 59: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/59.jpg)
New in StarTeam SDK 2005
ISecurableObject
ISecurableContainer
AccessRightsManager
EffectiveACE
AccessTestResults
![Page 60: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/60.jpg)
ISecurableinterface ISecurable {
// Get/set the object-level ACL. AclEntry[] getACL(); void setACL(AclEntry[] acl);
// Performs an access test against this object. boolean hasPermission(int permissions);
// Returns this object's parent container. ISecurableContainer getParentContainer();
// Returns the type of this securable object. Type getType();}
![Page 61: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/61.jpg)
ISecurableObject
// A securable object that has an owner.interface ISecurableObject extends ISecurable { // Returns the userID of the user // who currently owns this object. int getOwner(); // Changes the owner of this object // to the currently logged-on user. void acquireOwnership();}
![Page 62: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/62.jpg)
ISecurableContainer // An object that can have container-level access rights.public interface ISecurableContainer { // Get/set the container-level ACL. AclEntry[] getContainerLevelACL(String typeName); void setContainerLevelACL(AclEntry[] acl, String typeName); // Performs a container-level access test. boolean hasPermission(int permissions, String typeName);
// Returns this object's parent container. ISecurableContainer getParentContainer();}
![Page 63: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/63.jpg)
AccessRightsManager
Provides the following new features:– Determine the effective access rights
in a given context .– Perform access tests against the
effective access rights.
![Page 64: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/64.jpg)
AccessRightsManager
// Determines the effective access rights // for the given securable object.EffectiveACE[] getEffectiveACL(ISecurable obj);
// Performs an access test against // the given effective access rights.public AccessTestResults accessTest(int userID, int permissions, ISecurable obj);
![Page 65: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/65.jpg)
EffectiveACE
// Describes the source of this effective ACEpublic boolean isFromGroupPrivileges();public boolean isFromObjectOwnership();public boolean isFromObjectACL(); public boolean isFromContainerACL(); public boolean isFromMissingACE();public boolean isFromMissingACL();. . .
![Page 66: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/66.jpg)
EffectiveACE
Provides a human-readable description:
These access rights are explicitly granted to members of the "All Users" group in the container-level Access Control List (ACL) for objects of type Change Request defined for Project “StarDraw”.
![Page 67: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/67.jpg)
AccessTestResults
Describes the results of an access test.
Indicates whether the requested access rights were granted or denied.
Also provides an explanation for the decision, expressed relative to the EffectiveACEs.
![Page 68: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/68.jpg)
AccessTestResults
![Page 69: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/69.jpg)
Access Testing in the SDK
![Page 70: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/70.jpg)
Best Practices
Simplify implementation and
maintenance of access rights.
![Page 71: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/71.jpg)
Design with security in mind.
Security requirements are often overlooked when designing the structure of a StarTeam project.
Are there some files that will have different access rights than others?
Are there different groups within the organization that will require access to different subsets of the files?
Changes made early are typically easier to make than changes made to a mature project.
![Page 72: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/72.jpg)
Minimize the number of security control points.
Create as few ACLs as possible.
Every ACL is critical project data that must be maintained over time.
A project that has one container-level ACL for objects of type File is much easier to manage than a project that has a separate object-level ACL for every file.
![Page 73: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/73.jpg)
Secure at the container level.
Set access rights at the container level whenever possible.
This is especially true for items within a Folder.
It is better to have a container-level ACL on a parent folder than it is to have separate object-level ACLs on each item in the folder.
Container-level access rights should be set as high in the containment hierarchy as possible.
![Page 74: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/74.jpg)
Minimize the number of users who can change access rights.
Not all users understand the security model.
Getting it wrong can have serious consequences.
Limit the number of users who have the right to change access rights.
Grant the "Change object access rights" privilege to a single "StarTeam Security Administrators" group.
Never explicitly granted this right in any ACL.
![Page 75: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/75.jpg)
Avoid user-specific ACEs.
A user is granted access rights based on his or her role in the project.
It is better to create a Group whose name reflects the role, and assign access rights to that group
Access rights can be updated by changing group membership, rather than by reviewing and updating ACLs.
Handles a growing team, with multiple users filling the same role.
![Page 76: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/76.jpg)
Avoid ACLs on items that branch.
Access rights are assigned to the underlying object that is referenced by the item.
Two items with the same ObjectID necessarily have the same object-level ACL
Two items with different ObjectIDs have independent ACLs.
When an item branches, it gets a different ObjectID.
Avoid ACLs on Folders that might branch.
![Page 77: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/77.jpg)
A Problem Scenario
Create FolderA. Assign a container-level ACL with the required access rights.
Create a branched view for a parallel development stream. The branched view also has a reference to FolderA, with the same objectID and ACLs.
In the parallel development stream, rename FolderA to FolderB. FolderB has a new objectID, and no longer shares ACLs with the main view.
![Page 78: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/78.jpg)
A Problem Scenario
Anyone changing the properties of a Folder that has assigned ACLs must be aware of the implications with respect to security.
Whenever assigning object-level or container-level access rights to a Folder, ensure that only security administrators are granted the "Modify properties" access right.
![Page 79: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/79.jpg)
Use sharing when it simplifies the implementation.
Conflicting requirements can complicate the access rights implementation.
Assign a container-level ACL to the folder, and override with object-level ACLs on selected files?
Avoid object-level ACLs on individual files.
Create a separate folder with alternate ACL.
Share items between folders.
Do not branch on change!
![Page 80: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/80.jpg)
Consider disabling the object ownership feature.
Owner of an object is automatically granted full access rights.
Owner of an object is not displayed anywhere.
Consider disabling the object ownership test in the System Policy dialog.
Is there a user who should be granted full access rights? Design that into the project.
![Page 81: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/81.jpg)
Questions?
![Page 82: 3190 StarTeam Security Explained! Ron Sauers Principal Architect Borland Software Corporation](https://reader036.vdocument.in/reader036/viewer/2022070407/56649e175503460f94b03547/html5/thumbnails/82.jpg)
Thank You
3190
StarTeam Security Explained!
Please fill out the speaker evaluation
You can contact me further at …[email protected]