It's all about the answers!

Ask a question

Protecting of Query associated with Source Control Precondition

David Beange (111363101) | asked Jan 11 '16, 9:41 a.m.

In CCM 5.0.2 we are using the precondition of "Require Work Items to Match Query" and have a query which is used to verify that the only valid work items are those of a particular type have an estimate and for the current iteration.

We have discovered that some developers are amending the query to allow them to deliver their code against work items that would not have been permitted by the query.

is there a way to prevent the changing of this query. I found the below older question on the forums. Does this mean that if a developer edits the query but as long as they do not try and save it when they try the deliver code the precondition check will then work on the unsaved version of the query?

is there a reccomeneded way to prevent such precondition queries being tampered with?

One answer

permanent link
Ralph Schoon (63.3k33646) | answered Jan 11 '16, 11:32 a.m.
As far as I can tell, you can modify any query - in memory - This is a temporary query and would not get called by your operation behavior. That would only call the saved query, because the query reference is stored in the operation behavior and it should not even be able to see the en memory copy of the query being edited. To change the query, you have to be able to save it.

Two approaches I can think of to make it impossible to save.
1. Create the query as predefined query, if at all possible.
2. Create a team, make you a member with a role and share the query with that team. Remove permission to save queries owned by the team for everyone in that team area.
3. Use this query in the operation behavior

Other users than administrators or you should not be able to edit and save the query.
They won't even be able to see it.

David Beange commented Jan 11 '16, 11:48 a.m.

Hi Ralph. Thanks so the operation Behaviour only acts on the saved query not in Memory when defined it grabs a server copy of the query to use. That was the bit I wasn't too sure about.

Also the permissions to update Operation Behaviour is I guess controlled by the "Save Process Description" part of permitted actions and whichever role has that granted.

But ensuing that the query is also predefind and protected as that is also needed

Ralph Schoon commented Jan 12 '16, 2:10 a.m.

I explained above how to protect it without removing the capability to save their own queries above. Making it predefined requires to do it in the process XML.

Your answer

Register or to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.