I am wondering about transparency between projects in RTC? I have three projects going on right now (1, 2, 3) and I want a stream in project 1 to be visible to the projects 2 & 3. I don't want the projects 2 & 3 to have access to everything in the project 1, just view the stream. Is this possible?

#Sustainability
#Engineering

Jay,

RTC has a very complex security model and it's not something that I can explain easily in a forum post.
I suggest you start from reading https://jazz.net/library/article/215

I think it's important to understand the various source control artifacts and how they relate to each other (e.g. change set, component, baseline, snapshot, stream, repository workspace) before you can answer your own question. Here's a quick overview.

Disclaimer - although I'm not an RTC SCM developer, the following is how I usually explain it to my users. You can view my explanation as a narrative, rather than the absolute truth, much like we're used to seeing on the news these days :-).

Source code artifacts (such as streams and components) have two important properties that you need to take into account. These are ownership and visibility. The first one defines who has write access (usually a process area such as a project area or a team area, or an individual contributor). The second one describes who has read access (i.e. can see the code). Visibility can be set to a process area or individual or access group (i.e. a repository wide, rather than project area specific, equivalent of a team area). A project area also has access control rules that govern who can see the artifacts within it. Unless project areas have the "Everyone" access rule, they are designed to provide a layer of isolation between different project teams.

The code is actually stored in changesets that are "contained" in components. The component is really just a "bag" of changesets (each of the latter knows its predecessor). Therefore, the component doesn't really have structure by itself and you can't just look into a component and see the source in it without an additional construct that gives it structure. One such construct is a baseline. It's effectively a view of all of the source within the component at a particular point in time. So if a component has 100 changesets, only 50 of those may participate within a specific baseline. Configuration objects, such as streams and repository workspaces, group component baselines together and keep track of additional change sets on top of them. A snapshot is simply a collection of baselines (i.e. one baseline per component based on the original configuration object that the snapshot was created from).

So the question becomes who owns your stream and components (can write to them) and who has visibility to them. If Project A owns the stream and components, and your project areas are locked down to only members of the project areas, then unless people from Project B and C are also members of Project A or are in an access group that is defined as the one that has visibility to the stream/components, they won't have visibility to the code. One option you have is to create a stream in project B or C that consumes the same components that are used in Project A. This way, Project A can iterate on the contents of Stream A and when they're ready to share their code with Project B and C, they can baseline their components and Project B and C can "rebaseline" their streams to the same level of code as Project A. The other option is to define an access group that contains all of your developers from Projects A, B and C and make the components and stream visible to that access group. Again, remember that the team that owns Stream A will still be the only one that can write to stream A and if that team only contains Project A developers, the other teams will only be able to see the source but not modify it (unless they have their own streams in their project areas that they are responsible to maintain as I outlined in option one). The third option is to create a separate project area for development that will own all of the source and all of the team members from Projects A, B and C will be defined there. Project specific artifacts can still be defined in segregated project areas but developers will always come back to the Dev project area to do any source code management. Lastly, rather than splitting out all of the project areas, you can use team areas within a single project area to provide you with the isolation you want. That is, you can lock it down so that work items that are categorized for a specific filed against category are only visible to the team area that is associated with that category. The approach that's employed by IBM's SAFe implementation uses team areas within a single project area (program) to represents different "projects" although they don't necessary lock down access to team specific artifacts unless you need that level of security within your organization.  Unless you need a different process (e.g. different work item types, workflows, roles, permissions) to be used by the different project teams, this is the approach I recommend wihin my organization as well.

#Engineering
#Sustainability

Wow! Thank you for your very thorough response, Alex. I will carefully study the links and your response and ask questions as they arise. Thank you!

#Sustainability
#Engineering

BTW, one thing I should've mentioned is that source control artifacts like streams, components and repository workspaces exist in the repository and not within a specific project area.  They do have a referential (rather than containment) relationship with process areas by virtue of their ownership and visibility properties.  You can always reassign a stream or a component to a different process area.  Team areas, on the other hand, are "contained" within a project area and you can't easily move them or clone them into another project area.  When you expand the source control tab in the Team Artifacts navigator, you see a components node, that node simply shows that the components are have an ownership relationship to that project area.  However, they can be consumed by any project area in the repository.  Likewise, for streams under the Source Control tab.  By changing the owner, the stream will happily show up under source control in the new project area.

Lastly, notice that repository workspaces don't appear under a project area or stream.  They show up in your Eclipse client under My Repository Workspaces.  The only thing that ties them to a specific stream or project area is if that repository workspace has a flow target to one or more of the streams that's owned by a specific project area.  Other than that, the repository workspace is completely free form in the repository and it belongs to you.  If you choose Search for Repository workspaces, you see all of the repository workspaces in the repository.  There is no project area mentioned anywhere.

#Engineering
#Sustainability

Hi Alex...

You mentioned that "You can always reassign a stream or a component to a different process area.". So I have the following doubt...Is it possible to move a stream between reporitories? For example, I have two ccm instances registered in a JTS. Can I move a stream from ccm1 to ccm2?

Do you know what I mean?

Since now, thank you so much for your answers.

#Engineering
#Sustainability

Hi Luiz,

Alex said : However, they can be consumed by any project area in the repository.

Repository must be understood as CCM instance, then all operations of transport are valid within same repository only and not for a new CCM instance.

It is my opinion.

Cheers.

Patrice

#Engineering
#Sustainability

Patrice is correct.  Repository = CCM (i.e. application) instance.  Currently, there is no support for moving artifacts from one application instance to another.  We've been asking for "project move" (i.e. moving a project area from one repository to another) and reparenting (i.e. switching an application between JTS instances) for years but SCM is an even bigger beast since the artifacts aren't in a project area as I indicated.  What I usually do if I want to move a snapshot of the code base to another instance is simply load it into my Eclipse workspace, Team->Disconnect from each Eclipse project's context menu and then Team->Share Project to the new server.  This way, I at least have a copy of a snapshot of the code base in the new repository.  I can then delete the stream from the original repository and thus, effective, archive the code (although it will still be there in the components and the baselines can always be added to a new stream in the future).  If the original repository is no longer used, I can shut it off and delete the DB and thus implement the retention policy requirements of deleting stuff that hasn't been used for 7 years.

#Engineering
#Sustainability

Technically, it is possible to copy components between CCM instances using distributed SCM.


From: Alex Akilov
#Engineering
#Sustainability

That's right, thanks Pavel.  See https://jazz.net/library/article/535/.  I believe this was designed primarily for outsourcing scenarios but can probably have other applications such as failover/HA or, possibly, support a server movement scenario.  I haven't personally tried it so don't have the benefit of personal experience with it.

#Engineering
#Sustainability

That's right...thank you all for share your experience...

#Engineering
#Sustainability

Hi All,

We must understand the pros and cons of spliiting the CCM Application. Lets understand the use cases as well before splitting the Application which is on same JTS. I do understand we can also discuss of having multiple JTS as well as multiple Application server.

Distributed SCM provides the capability to replicate SCM data between CCM repositories. For exa, we can have stream-A which is in CCM1 server and Stream-B which is on CCM2 Server.

From a user perspective distributed SCM operates identical to local Jazz SCM, users
–Check in change sets to a repository workspace, Deliver from the repository workspace to a stream ,Accept change sets from a stream into a repository workspace.

but with With distributed SCM a repository workspace and the flow target stream can be in different ccm repositories. The SCM system replicates (copies) the SCM data to the other repository. Distributed SCM creates identical copies of change histories, change sets and changes made.

Again Snapshots are local to a repository that means Snapshots can’t be replicated or transferred (unlike baselines). and No snapshot across multiple CCM repositories.

Thanks & Best Regards

/Manoj Panda

+91 9618772582

#Engineering
#Sustainability

Luiz,

What I was talking about is changing a pointer (i.e. ownership property) of the stream.  What you want to do is move the code base, which entails moving a lot of data that's stored in the DB (i.e. the repository for the CCM application instance).  That's the part that's challenging since data has lots of pointers to it and if you move it, you have to go back and fixup all of the pointers to preserve referential integrity.  This is why IBM hasn't stepped up yet to support these complex data movement scenarios.

#Engineering
#Sustainability

this seems to be a deep dicussions about streams an components,

with many importent points and smart explaination from Alex

i just want to add:

The owned by attribute on streams and components is not the only point where you need to check the settings.

the owned by settings are relevant for: who has the permission to change the settings

if it's about: who has the permission to deliver changes to the component in a stream, you need to check the preconditions on:

processconfiguration, teamconfig, operation behaivior, sourcecontrol, deliver (server),

precondition, restrict deliver to streams and restrict changeset deliver to streams and components

yes, this is hidden deep in the configuration, and the owned by attribute is not relevant for the deliver permission check

#Engineering
#Sustainability

Most certainly.  As I said, the security model is complex with many layers.  My original post was to address the specific question about how to view the contents of a stream that's owned by one project area in another project area.  The technote I referred to goes into the other use cases that allow you more fine grained controls over components, folders and individual files.

#Sustainability
#Engineering