It's all about the answers!

Ask a question

Operations and Access Control


Bhadri Madapusi (181271) | asked Aug 16 '07, 2:56 p.m.
Hi,

I am trying to define new roles and assign access on operations to these roles.

The scenario I am trying out is to create two roles repository-admin and repository-contributor. The repository-admin role must have access to perform Create/Read/Update/Delete on the stream object and the repository-contributor must have access to perform Read/Update the stream object.

I am unable to create the above access control policy because modifyStream is the only operation I see when I use content assist. Am I missing something or Is there a workaround to create the above policy?

Thanks in advance.

3 answers



permanent link
Jared Burns (4.5k29) | answered Aug 17 '07, 12:25 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
If I understand your request correctly, you would express this
configuration as:

<role id="repository-admin">
<operation id="com.ibm.team.scm.server.modifyStream">
<permissions>
<action id="any"/>
</permissions>
</operation>
</role>
<role id="repository-contributor>
<operation id="com.ibm.team.scm.server.modifyStream">
<permissions>
<action id="modify">
<action id="stream">
<action id="attributes">
<action id="any">
</action>
</action>
</action>
</permissions>
</operation>
</role>


- Jared


bhadrim wrote:
Hi,

I am trying to define new roles and assign access on operations to
these roles.

The scenario I am trying out is to create two roles repository-admin
and repository-contributor. The repository-admin role must have
access to perform Create/Read/Update/Delete on the stream object and
the repository-contributor must have access to perform Read/Update
the stream object.

I am unable to create the above access control policy because
modifyStream is the only operation I see when I use content assist.
Am I missing something or Is there a workaround to create the above
policy?

Thanks in advance.

permanent link
Bhadri Madapusi (181271) | answered Aug 17 '07, 4:33 p.m.
Thanks. Yes something along the lines, but not for the attributes but for the components as shown below. But how can I know the nesting action ids. If it is documented can someone point me to the document. Thanks.

<operation id="com.ibm.team.scm.server.modifyStream">
<permissions>
<action id="modify">
<action id="stream">
<action id="component">
<action id="any"/>
</action>
</action>
</action>
</permissions>
</operation>

permanent link
Jared Burns (4.5k29) | answered Aug 17 '07, 4:46 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Currently, the only way to find out the action ids is to use code-assist
(ctrl+space) in the editor. We realize that this isn't optimal and will
be improving it over time.

- Jared

bhadrim wrote:
Thanks. Yes something along the lines, but not for the attributes but
for the components as shown below. But how can I know the nesting
action ids. If it is documented can someone point me to the document.
Thanks.

operation id="com.ibm.team.scm.server.modifyStream"
<permissions
<action id="modify"
<action id="stream"
<action id="component"
<action id="any"/
</action
</action
</action>
</permissions
/operation

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.