Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

Hierarquical permissions

Questions
Tags
Users
Badges
Rogério Ramos da Silva
(33512827) Sep 20 '13, 12:00 p.m.
Hi All,

I'm stuck in a RRC 4.0.1 permission dilema. In my mind, the permissions are applied from top to down, or in other words from Project Area to Team Area.
At the Team Area configuration, I've no set any permission believing on roles and permissions cascade. But for my surprise just the Team Configuration were applied to my Team Area, the Project Area Configuration were revoked of my Team Area's Members.

I gave "save revision" to role Author, having not configured any permission on Team Area level, I hope the Project Area's permissions were cascade to my team. In that case the revision icon neither appears.

Is it a bug or my mistake?

Note: The members were only included on team area.

0 votes

1 answer
4,031 views
0 votes

One answer

Permanent link
Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER (64.0k33648) Sep 23 '13, 5:52 a.m.
Rogerio,

please carefully study https://jazz.net/library/article/291 to understand how permissions work. Be aware you need to know who owns the object you want to change.

See https://jazz.net/library/article/292 for how operational behavior works.

If you don't understand how this works, the results can be surprising.

0 votes

Comments
Rogério Ramos da Silva
Sep 23 '13, 2:27 p.m.

 Ralph, below I've reproduced my simple example, even through roles or operations seems not to match with my needs. Please help me to see where my eyes didn t get.


User John just reside on team area Analyst X, he got a role inherited from PA - author,
on team area context any other permission was defined.
Performing author role on PA, John could create new artfacts and even create new folder, but asked by his co-worker to help in a revision, the revision icon didn´t appears. I´ve noted the "save revision" is a PA operation, so if John do not make part of PA he can´t play such operations.

My problem is, I want to avoid new folder being created on project´s root folder by analysts, but under the structure already created they are free to use de criativity. How could I configure my project to achive this approach?
If I leave the analysts on project area, they can create folders on project´s root folder, If I move them to a team area they looses the project area permissions.

Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER Sep 24 '13, 3:53 a.m.

I don't understand the description of your use case. I don't get the concepts such as revision nor do I understand PA. I would suggest to really thoroughly read the article I mentioned above and try to understand who (Project Area or Team Area) is the owner of the object you try to manipulate, what role the user that tries has in that context and what the user has in the tree above in direction to the project area. Be aware that you can have different roles with different permissions on team and projet area levels and that permissions are accumulated, whereas in operational behavior only the first match is used.

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details

Question asked: Sep 20 '13, 12:00 p.m.

Question was seen: 4,031 times

Last updated: Sep 24 '13, 3:53 a.m.

Confirmation Cancel Confirm