Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

How to make the partner able to access only work items created by themselves?

Hi Guys,

We have a project for the development team to use, and now the manager team wants to use the same project as an interface to let the third party submit defect WIs as well. But considering the security issue, they want the third party to be able to access only the work items created by themselves, or the work items assigned to them. They should not access other work items that do not meet these two conditions. At the same time, the development team can access any work item, no matter whether it is created by themselves or by the third party. For query results, the requirement should be the same. We should not expose the title of any work item either.

But currently, the RTC way of restriction is to let a specific team access specific work items.

How could we meet this requirement?

In fact, I think it is safer to implement the interface with the third party in another project. But the manager team thinks it is troublesome to have the development team maintain two projects and move work item content from one to the other and vice versa.

Thanks!

Best Regards,
Jane Zhou

0 votes



One answer


Jane,

There are basically the following ways of read access control to work items:

1. By access to a project area, e.g. by being a member
2. Using categories: https://jazz.net/library/article/554

There is no simple "only the owner can read the work item" option. I would suggest considering a project area where the partner(s) can file their requests and then dealing with that, e.g. by having developers use these items or by creating proxy items in the project area, e.g. for planning.

Alternatively, you would have to create a follow-up action that sets the restricted access attribute of the work items. This can be done as explained here: https://rsjazz.wordpress.com/2016/02/02/setting-access-control-permissions-for-work-items/ .

A user can only see the access groups they have access to in the follow-up action. So the simplest way would be to look for an access group the user belongs to and have an order to pick it, so if a developer saves a work item the first time, the internal access group is selected. If an external partner does that, only the access group for the partner is found and set. The developers would be in that as well and also have access.

The access group could be changed by a few roles later, if needed.

0 votes
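
The group selection order described in the answer above, modelled as an added example that is not part of the original post and does not use the RTC API. Group names, users and function names are constructed, and rejecting the save when no group is found is an assumption.

```python
# Model of the follow-up action's access group selection; not RTC API code.
# All group names, users and work items below are constructed for illustration.

# Preference order: the internal group is tried first, the partner group after it.
GROUP_ORDER = ["Internal Dev", "Partner A"]

# Constructed membership: developers belong to both groups, the partner to one.
MEMBERS = {
    "Internal Dev": {"dev_alice"},
    "Partner A": {"dev_alice", "partner_bob"},
}


def visible_groups(user):
    """Access groups the user can see, i.e. the ones the user belongs to."""
    return [g for g in GROUP_ORDER if user in MEMBERS.get(g, set())]


def pick_access_group(user):
    """Return the first group in GROUP_ORDER that the saving user can see."""
    groups = visible_groups(user)
    if not groups:
        # Assumption: fail closed, so an item is never saved unrestricted.
        raise PermissionError(f"no access group found for {user}")
    return groups[0]


def on_first_save(work_item, user):
    """Stamp a new work item with its creator and the selected access group."""
    return dict(work_item, creator=user, access_group=pick_access_group(user))


def can_read(work_item, user):
    """Read access follows membership in the work item's access group."""
    return user in MEMBERS.get(work_item["access_group"], set())


if __name__ == "__main__":
    partner_item = on_first_save({"summary": "constructed defect"}, "partner_bob")
    internal_item = on_first_save({"summary": "constructed task"}, "dev_alice")
    for item in (partner_item, internal_item):
        readers = [u for u in ("dev_alice", "partner_bob") if can_read(item, u)]
        print(item["summary"], "->", item["access_group"], "readable by", readers)
```
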

Question details

Question asked: Feb 08 '17, 4:23 a.m.

Question was seen: 2,086 times

Last updated: Feb 08 '17, 5:32 a.m.
