It's all about the answers!

Ask a question

Build Forge project access control


Jirong Hu (1.5k9295258) | asked Nov 09 '13, 3:33 p.m.
 Hi All

I have all developers in "ccusers" group, and build engineer in another group in our LDAP.

First step, I want to have developers be able to execute certain projects themselves, which we can call it on-demand build. I have the Developer access group maps to our LDAP group ccusers, so when they login, they belongs to Developers group in BF. Now my typical project has objects include Project, Environment, Step, Server, Selector, Library. I want the developer only has the right to run the build then see the result. For all these objects, how shall I set their access group/owner? I want only the "Build Engineer" has the right to modify the project,etc.

Next, I want only developers belong to a certain project be able to execute certain projects. Means I need a project based access control, besides creating project group in LDAP (too much work, not feasible), is there any other way to achieve it.

Thanks
Jirong

One answer



permanent link
Spencer Murata (2.3k115971) | answered Nov 11 '13, 8:19 a.m.
FORUM MODERATOR / JAZZ DEVELOPER
 For the first question, make the Developers group in BF a child of the Build Engineer group.  Then the restrict the permissions on the Dev group.  The permissions are cumulative so the Build Engineers will have same permissions as the Dev group, plus whatever permissions are granted in the Build Engineer group.

The second question is not really possible through LDAP without having that project group.  Since all developers are in the ccusers group, BF cannot parse out which BF project it should belong to.  You could create separate Dev/Build groups for each project subset to restrict visibility of projects, but there would be no way to map that from the LDAP group.  You would really need that project group in LDAP to do what you describe.  You could always manually create the groups in BF and administer that way.  I don't know if that is more or less work than doing the LDAP group.

~Spencer

Comments
Jirong Hu commented Nov 11 '13, 9:13 a.m.

 Hi Spencer


My first question was: which access group should the Project and other objects such as Environment, Step, Server, Library used by the Project belong to, in order to the developers to run the project but can't modify?

e.g. I think I will have to set the Project to Developers group, how about the Step and the rest of objects?

Thanks
Jirong

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.