This technote identifies an issue that can occur in IBM Rational ClearCase where a user is able to successfully run a cleartool rmview -uuid against a view without having the correct credentials to do so.
A cleartool rmview -uuid succeeds on a view for which the user does not own.
The rmview manual pages states the following identity restrictions:
You must have one of the following identities:
* View owner
* root (UNIX and Linux)
* Member of the ClearCase administrators group (ClearCase on Windows)
* Local administrator of the ClearCase LT server host (ClearCase LT on Windows)'
It is possible to run a cleartool rmview -uuid on a view that another user owns. Without any of these permissions any user can run cleartool rmview -uuid on any view.
However, running a normal cleartool rmview <view-name> (without the -uuid argument) is not allowed for the same user and same view.
This issue has been identified as a product defect under APAR PK97847.
Resolving the problem
The defect has been resolved in ClearCase 184.108.40.206, 220.127.116.11 and 18.104.22.168.