It's all about the answers!

Ask a question

How to set up ONLY add/remove user access to project and team area?


Pravin Patil (104116115) | asked Mar 03 '17, 3:59 p.m.

 I want to set up a "Role" which wont be able to create/modify/delete work item or source code, or plan, or anything in process template. When this role is assigned to a user, he should be able to do ONLY the following:

  1. add/remove users from Team Area
    • I added this user to "JazzUsers" group & gave him ONLY permission of "Team Configuration>Modify the collection of team members". So he is able to add/remove users from team area but NOT from ProjectArea.
  2. add/remove users from Project area
    • Since #1 didnt work for ProjectArea, I added this user to "JazzProjectAdmin" group & gave him ONLY the permission of "Project Configuration>Modify the collection of team members". But now he is able to make updates to process template, checkin deliver and create workitems. Is JazzProjectAdmin overriding the permissions?
How to set this up, "user should be able to add/remove user from project and team area" but cant do anything else?
Please suggest.

Accepted answer


permanent link
Donald Nong (14.4k314) | answered Mar 05 '17, 7:32 p.m.

You only need two permissions, "Process/Save Project Area/Modify a project area/Modify the collection of team members" and "Process/Save Team Area/Modify a team area/Modify the collection of team members". Of course you also need the JazzUsers repository role and a license. And most importantly, you need to revoke all permissions that you don't want to grant to this role from the Everybody role.

Pravin Patil selected this answer as the correct answer

Comments
Pravin Patil commented Mar 06 '17, 5:57 p.m.

I gave this role permission to "Process/Save Project Area/Modify a project area/Modify the collection of team members" and "Process/Save Team Area/Modify a team area/Modify the collection of team members".


But with only JazzUsers group he is not able to perform "Process/Save Project Area/Modify a project area/Modify the collection of team members".
So I thought I need to add him to JazzProjectAdmin group. After doing that he is able to do lot more then adding/removing members, even though I have not given him any other permissions.


Donald Nong commented Mar 06 '17, 6:05 p.m.

The JazzProjectAdmins role definitely gives more permissions than you need. What errors do you get with just the JazzUsers role?

Your answer


Register or to post your answer.