How to set up ONLY add/remove user access to project and team area?
I want to set up a "Role" which wont be able to create/modify/delete work item or source code, or plan, or anything in process template. When this role is assigned to a user, he should be able to do ONLY the following:
- add/remove users from Team Area
- I added this user to "JazzUsers" group & gave him ONLY permission of "Team Configuration>Modify the collection of team members". So he is able to add/remove users from team area but NOT from ProjectArea.
- add/remove users from Project area
- Since #1 didnt work for ProjectArea, I added this user to "JazzProjectAdmin" group & gave him ONLY the permission of "Project Configuration>Modify the collection of team members". But now he is able to make updates to process template, checkin deliver and create workitems. Is JazzProjectAdmin overriding the permissions?
Accepted answer
You only need two permissions, "Process/Save Project Area/Modify a project area/Modify the collection of team members" and "Process/Save Team Area/Modify a team area/Modify the collection of team members". Of course you also need the JazzUsers repository role and a license. And most importantly, you need to revoke all permissions that you don't want to grant to this role from the Everybody role.
Comments
I gave this role permission to "Process/Save Project Area/Modify a project area/Modify the collection of team members" and "Process/Save Team Area/Modify a team area/Modify the collection of team members".
The JazzProjectAdmins role definitely gives more permissions than you need. What errors do you get with just the JazzUsers role?