SCM: Restrict deliver of given file to some users of a team
Our internal customer came to me with the request of being able to restrict deliver right only for him for a given file in a given component.
ComponentA belongs to TeamA, with User1 and User2
User1 shall be able to deliver example.txt, but User2 not
What would be the best solution to achieve that?
So far I have found the precondition feature on Deliver Phase 2, where I can define the behavior per Role.
This would request me to create a special Role, what seems strange. Team would be in my case better.
Thank you
erwin
ComponentA belongs to TeamA, with User1 and User2
User1 shall be able to deliver example.txt, but User2 not
What would be the best solution to achieve that?
So far I have found the precondition feature on Deliver Phase 2, where I can define the behavior per Role.
This would request me to create a special Role, what seems strange. Team would be in my case better.
Thank you
erwin
Accepted answer
You can create a custom advisor to do that. As Geoff explains there are other means to control permissions. But it is possible to extend RTC.
Here an example: https://rsjazz.wordpress.com/2012/11/01/restrict-delivery-of-changesets-to-workitem-types-advisordelivery-of-changesets-associated-to-wrong-work-item-types-advisor/
You can configure the users and files and store that in a configuration. https://jazz.net/library/article/1000/ shows how to do that. https://rsjazz.wordpress.com/ has more examples for API e.g. to access the logged in user to find out which user tries the deliver for example in https://rsjazz.wordpress.com/2014/05/26/only-owner-can-close-workitem-advisor/
Here an example: https://rsjazz.wordpress.com/2012/11/01/restrict-delivery-of-changesets-to-workitem-types-advisordelivery-of-changesets-associated-to-wrong-work-item-types-advisor/
You can configure the users and files and store that in a configuration. https://jazz.net/library/article/1000/ shows how to do that. https://rsjazz.wordpress.com/ has more examples for API e.g. to access the logged in user to find out which user tries the deliver for example in https://rsjazz.wordpress.com/2014/05/26/only-owner-can-close-workitem-advisor/
One other answer
In RTC, the write permission model is role-based, so all write permissions are defined by role, not by user or team membership. You could certainly ask for this as an enhancement, but you'd need to have a pretty compelling reason, since defining a new role is an available workaround.
Comments
Geoffrey is correct in that that the write permission model is role-based. Generally though this would apply to the 'delivery' of all files in a component and not specific files or folders. I also do not think there is an out-of-the-box advisor/precondition that lets you modify 'who' can deliver specific files/folders in a component (however you could write one as suggested by Ralph.)
Also note that you can right-click on an individual file in the Repository Files view and select "Change Access Control...". This changes the read permission of that specific file, but not the write permission however.