ACL based security

PlasticSCM Professional supports the concept of Access Control Lists (ACLs) for every single object defined in the system. This gives development teams and administrators total freedom to choose any security policy, without being restricted by tool limitations. Permissions can be set for users or groups to create objects, checkout, checkin, or change permissions, and they are inherited through a well-known hierarchy tree, so setting permissions on the top level (i.e. the repository) sets permissions for every object contained there.

If yours is an open environment, then security is probably not a big concern. When a development group becomes a team, setting barriers with security is not a good idea. Still, there are always certain assets to protect, depending on the different people accessing your system. There are also many projects in which having such an open setup is not a good idea: staff mobility, a large number of developers, and junior staff, among others, require a more secure SCM deployment.

For companies involved in quality validation processes like CMMI(*), it is often required to provide a given level of access control for project assets, which can be easily implemented with Plastic SCM.

That's why the security mechanism in Plastic SCM Professional allows full customization. Everything is possible, from disabling security or giving default access, to fine-grained tuning on a per-object basis. The figure below shows a sample permissions dialog for an image file in the repository:

The Plastic SCM security system integrates with most modern user directory technologies out of the box, providing several authentication methods as well as its own mode:

  • User/Password authentication. Users and groups are configured in the server by the administrator, and stored in an internal Plastic database. Very easy to set up for getting up and running in a matter of minutes.

  • Active Directory integration. Provided that clients and servers are inside a Windows Active Directory domain, no questions are asked. The server will get known users from the domain, and clients will transparently validate against it using Windows integrated authentication.

  • LDAP authentication. Two different modes are available. The first one allows Unix-based clients, or even Windows ones outside the domain, to be authenticated against a PlasticSCM server getting its data from an Active Directory. Native LDAP, on the other hand, allows full authentication against regular LDAP servers, which can be running, for instance, on Solaris.

  • Name authentication. In this mode the Plastic SCM server will retrieve the users from the machine where it is running. Provided that the network setup makes the same users available to both the client and the server, the mechanism will work. This method can be used for NIS-based networks.

  • Name + ID authentication. Same as the Name mode, but user ID data is also considered. This is the recommended mode for NIS-based networks.

 

 

Capability Maturity Model Integration (CMMI)® is a registered trademark of Carnegie Mellon University.

 
 
 
 


© 2009 Codice Software. All rights reserved.