Object Ownership

The filter expressions for organizations and collaborative spaces (projects) for policies and rules are executed against the primary and secondary ownership vectors of an object to determine if a user has access to that object.

The Primary Ownership Vector (POV) includes the organization and collaborative space assigned to an object. The Secondary Ownership Vector (SOV) either adds ownership to an explicit organization and project, or adds inherited ownership by referencing another object.

For example, this command adds an explicit SOV: 

mod bus TYPE NAME REV add ownership ORGNAME PROJNAME

This command adds an inherited SOV: 

mod bus TYPE NAME REV add ownership bus TYPE2 NAME2 REV2

You can also define inherited access for an object by specifying an object to inherit access from: 

mod bus TYPE NAME REV add access bus TYPE2 NAME2 REV2

When defining access expressions in policies and rules, use these access privileges:

  • ChangeOwner access to allow a user to change the POV and inherited access for an object
  • ChangeSOV access to allow a user to change explicit SOV and inherited SOV access for an object

This table defines how the various ownership and access values are set for a cloned or revised object:

Operation POV/SOV Regular BO (or root composer) Composee
Clone POV (Org/Project) Login context Org/Project Login context Org/Project
Explicit SOV (Org/Project) Reset (null) Reset (null)
Inherited SOV Reset (null) Reset (null)
Inherited Access Reset (null) Reset (null)
Revise (Major/Minor) POV (Org/Project) Copy Copy
Explicit SOV (Org/Project) Copy Copy
Inherited SOV Reset (null) Reset (null)
Inherited Access Reset (null) Reset (null)