Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

Restrict Access to teams not working

I am testing out implementation of a partner (vendor) backend bridge into our RTC project. I have created a role called "vendor". The only access I gave to this role is the ability to generate queries, so save/delete query is the only thing green. We have team areas set up for each product on our team that we test/develop for. I used two team members as guinea pigs, stripped their access roles, and added only the new role I created called "vendor". I added this team member to two separate product team areas, for which I created two defects as a test to see if they 1) could see ONLY the defects of team areas they were members of and 2) could not modify them.

I had team members create queries in order to see defect data. They not only can see defect data for tools whose team area they are not assigned to, but they can also modify the defects, which is NOT what we want.

Under administrator, in categories, "restrict category item visibility" and "restrict work item team access" are checked for every product/team area.

I also tried access control, members in the team hierarchy and access in the users list and listed the two members.
Any of you have an idea of what could be wrong?

0 votes


Accepted answer

Brandy, I have played with restricted access recently and it works. If you check the restrict access in the UI and have a team area associated with the category, only members of that team area (and nested team areas) can see the work items that are filed against this category. Work items that are filed against the project area will be visible to all users.

See: https://jazz.net/library/article/554 and https://jazz.net/library/article/837 for more details.

Please note, if the user has JazzAdmin Role, all work items will be visible.

Please note that every single user also has the everyone role, and permissions accumulate across roles. The permission to change work items would have to be removed from everyone as well. See https://jazz.net/library/article/291 for how that works.

The visibility of a category has a different purpose, which is for example explained in the Eclipse client. If the check mark is removed, only members of the team associated to the category can see the category, so only these should be able to select it in filed against.
Brandy Guillory selected this answer as the correct answer

1 vote

Comments

Hi Ralph,

Thanks for your response. I read the articles above but still am a little confused. The two users do not have JazzAdmin, but one of them is seeing defects of a team area she does not belong to. I will investigate that. I also understand and was able to see the everyone (default) role, and that is set for others to be able to edit defects. I am beginning to lean towards a new project altogether, separate from our main project, solely for the vendors.

I think we figured it out further, we stripped access from the everyone role and it seems to be working now! Thanks.

Separate project areas, with access control, are the easiest and most secure way of separating projects and managing access.

For category-based read access, it is important to note that categories that are not checked will be visible to everyone.

Nice to hear. Please accept the answer as correct.
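The behaviour worked out in this thread (permissions accumulating across the "vendor" and everyone roles, and category-based read access) can be checked on paper with a small model. This is an added example, not part of the original posts and not the RTC/Jazz API; the class, function, team, category, user and permission names are all assumptions made for illustration.

```python
# Simplified model of the rules described in the answer; not the RTC/Jazz API.
# All role, team, category, user and permission names are constructed.
from dataclasses import dataclass, field

EVERYONE = "Everyone"

@dataclass
class Project:
    role_perms: dict        # role name -> set of permitted actions
    team_parent: dict       # team area -> parent team area (None at the top)
    team_members: dict      # team area -> set of user ids
    category_team: dict     # category -> associated team area (None = project area)
    restricted: bool = True  # models "restrict work item team access" being checked
    jazz_admins: set = field(default_factory=set)

    def effective_perms(self, roles):
        # Every user implicitly holds Everyone; permissions accumulate across roles.
        perms = set()
        for role in set(roles) | {EVERYONE}:
            perms |= self.role_perms.get(role, set())
        return perms

    def can_read(self, user, category):
        team = self.category_team.get(category)
        if user in self.jazz_admins or not self.restricted or team is None:
            return True  # admins see everything; project-area items are open to all
        for area, members in self.team_members.items():
            node = area if user in members else None
            while node is not None:  # walk up from the user's team area
                if node == team:
                    return True      # member of the team area or a nested one
                node = self.team_parent.get(node)
        return False

def audit_role(project, role, allowed):
    """Actions a user holding only `role` gets beyond the `allowed` set."""
    return project.effective_perms([role]) - set(allowed)

def sample():
    # Constructed configuration mirroring the question: a query-only vendor role.
    return Project(
        role_perms={EVERYONE: {"modify_work_item"}, "vendor": {"save_query", "delete_query"}},
        team_parent={"ProductA": None, "ProductA/UI": "ProductA", "ProductB": None},
        team_members={"ProductA/UI": {"vendor1"}, "ProductB": {"dev1"}},
        category_team={"cat-A": "ProductA", "cat-B": "ProductB", "cat-open": None},
    )

if __name__ == "__main__":
    print(audit_role(sample(), "vendor", {"save_query", "delete_query"}))
```

A non-empty result from `audit_role` means the restricted role inherits something from the everyone role that it was not meant to have.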

Question details

Question asked: Nov 04 '14, 1:57 p.m.

Question was seen: 3,162 times

Last updated: Nov 06 '14, 2:00 a.m.
