It's all about the answers!

Ask a question

RTC Query: how to permit visibility with the editing restriction, only on chosen queries


Alberto Teodoro (6631733) | asked Sep 23 '14, 8:50 a.m.

Hi all,

I would like to obtain, the modify restriction for some chosen RTC queries, only for some users, that instead can see them.

I try to better explain my purpose: some users, which have normal roles for editing queries, should be not able to modify some set of queries.

I'm partiallly able to reach this behaviour if:

1) I define a role that can't modify query

2) I add this role to a user in Team Area

3) I share the chosen queries only with the Team Area

Now, if the user is also a member of the Project Area, with a role that allows the query modify, the user will be able to modify the queries shared in the Team Area, even if he has the resttriction role in that Team Area.

If the user is only member of the Team Area, he will be able only to read the queries of the Team Area, without reading or editing permissions on the other Project Area queries.

It's normal this behaviour?

Many thanks

Ciao

Alberto

One answer



permanent link
Eric Jodet (6.3k5104120) | answered Sep 23 '14, 11:35 a.m.
JAZZ DEVELOPER
 Hello Alberto,
https://jazz.net/library/article/292
should help you.

the role restricting query edition should be defined at PA level

Hope it helps,
Eric

Comments
Alberto Teodoro commented Sep 23 '14, 12:23 p.m.

Hi Eric,

many thanks.

So it means, generally, that if I apply a role to a user, with write permission at the PA level, this user will inherit all permissions linked to this role, also in the Team Area he belongs to, without the explicit adding of roles in the Team Area, isn't it?
So the Team Area, in this case, can be used only to limit the visibility of the queries.

Instead, if I put the same user, in two different Team Areas, at the same level (not PA level), and in one I give to him the role with write permission and in the other one the role without role permission, I can obtain the behaviour that I ask for, on the same type of objects (WIs), depending of which Team Area the objects belong to (using categories), isn't it?

Ciao

Alberto


Eric Jodet commented Sep 23 '14, 12:27 p.m.
JAZZ DEVELOPER

 Hello Alberto,

that's what the doc tends to say.

However - I would implement this this other way around.
At PA level - deny permission for some operations
At TA level - allow permission - ex: to edit queries

What do you think?

Eric

Your answer


Register or to post your answer.