Protecting of Query associated with Source Control Precondition
Hi
In CCM 5.0.2 we are using the precondition of "Require Work Items to Match Query" and have a query which is used to verify that the only valid work items are those of a particular type have an estimate and for the current iteration. We have discovered that some developers are amending the query to allow them to deliver their code against work items that would not have been permitted by the query. is there a way to prevent the changing of this query. I found the below older question on the forums. Does this mean that if a developer edits the query but as long as they do not try and save it when they try the deliver code the precondition check will then work on the unsaved version of the query? https://jazz.net/forum/questions/162335/all-users-can-modify-predefined-queries?errno=2 is there a reccomeneded way to prevent such precondition queries being tampered with? |
One answer
Ralph Schoon (63.3k●3●36●46)
| answered Jan 11 '16, 11:32 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
As far as I can tell, you can modify any query - in memory - This is a temporary query and would not get called by your operation behavior. That would only call the saved query, because the query reference is stored in the operation behavior and it should not even be able to see the en memory copy of the query being edited. To change the query, you have to be able to save it.
Two approaches I can think of to make it impossible to save. 1. Create the query as predefined query, if at all possible. 2. Create a team, make you a member with a role and share the query with that team. Remove permission to save queries owned by the team for everyone in that team area. 3. Use this query in the operation behavior Other users than administrators or you should not be able to edit and save the query. They won't even be able to see it. Comments
David Beange
commented Jan 11 '16, 11:48 a.m.
Hi Ralph. Thanks so the operation Behaviour only acts on the saved query not in Memory when defined it grabs a server copy of the query to use. That was the bit I wasn't too sure about.
I explained above how to protect it without removing the capability to save their own queries above. Making it predefined requires to do it in the process XML.
|
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.