General Security Considerations
The VCS Integration feature works within the native Integration Server or Designer security model. For example, you must be logged on as a valid Integration Server or Designer user to gain access to the VCS Integration commands, and Access Control Lists (ACLs) must be configured to allow you access to the packages, folders, and elements you want to work with in Designer.
Furthermore, a user cannot apply VCS commands to any Integration Server contents other than the packages, folders, and elements displayed within the Package Navigator view of Designer.
VCS commands are applied at the package, folder, and element level only; the user does not directly apply VCS commands to individual files, nor does the user have visibility of individual files in the VCS repository through Designer. Therefore it is not possible for a Designer user to manipulate files in the VCS repository using the VCS Integration feature unless that user has ACL access in Designer to the package, folder, or element containing those files. In this case, the files are manipulated indirectly, as children of the selected package, folder, or element.
Users must be able to log on to the Visual SourceSafe, ClearCase, or Subversion repository with authentication credentials that are different from the Integration Server authentication credentials.