Restricting users from NOT assigning / modifying the already assigned roles in RQM
In RQM v5.0.x relase, we have several users being imported from LDAP into RQM.
Here's 2 roles which were assigned to users..
1) Administrator Role ==>>> has all required permissions and can assign permissions to different users wwhich are imported.
2) TeamAdmin Role ==>> This role has been assigned to few other users where the artifact level permissions are not assigned for few like "Categories"
For example: creating/Modifying/saving categories are restricted for the users assigned the role of "TeamAdmin"
However these users who are assigned the role of "TeamAdmin" are revoking the already assigned roles and get themselves assigned with "Administrator" role, due to which the artifact level permissions gets revoked....
The requirement is NOT TO HAVE these users revoke the already assigned roles to themselves....
Is there a recommended way to get this done?
Here's 2 roles which were assigned to users..
1) Administrator Role ==>>> has all required permissions and can assign permissions to different users wwhich are imported.
2) TeamAdmin Role ==>> This role has been assigned to few other users where the artifact level permissions are not assigned for few like "Categories"
For example: creating/Modifying/saving categories are restricted for the users assigned the role of "TeamAdmin"
However these users who are assigned the role of "TeamAdmin" are revoking the already assigned roles and get themselves assigned with "Administrator" role, due to which the artifact level permissions gets revoked....
The requirement is NOT TO HAVE these users revoke the already assigned roles to themselves....
Is there a recommended way to get this done?
One answer
Make sure that the permission "Process > Save Project Area > Modify a project area > Modify the collection of team members" is _not_ granted to the "TeamAdmin" role. In fact, I would suggest you deny this permission for _all_ roles and leave the privilege to the "Project Administrators" (the true administrators, not a member with some permissions) only.