Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

How to restrict WI visibility to teams but also allow a special group read only access to all WI

Questions
Tags
Users
Badges
Ian Wark
(79713553) Mar 03 '17, 9:12 p.m.

Environment: RTC 6.0.2


I have a requirement for read only access which I am not sure how to implement. Can you restrict visibility of work items to specific teams but also allow an overseeing team of users read only access to all work items, including those restricted work items?  When I tested restricting visibility via categories, it really did restrict visibility to JUST those teams and their child team areas. Noone else. Period.

We can't give JazzAdmins permission to that overseeing team and we also can't override the work item visibility of the work items among the rest of the teams. (Those teams need to be able to see their own work items, but not the work items of other teams.)

Is this possible? We are happy to write plugins or customize if there is a way to do this.

0 votes

1 answer
1,740 views
0 votes

Accepted answer

Permanent link
Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER (63.9k33648) Mar 06 '17, 3:14 a.m.

 Ian,


this is possible, however, there is no automation available. You can use the restricted access attribute as described in https://rsjazz.wordpress.com/2016/02/02/setting-access-control-permissions-for-work-items/ and set it to an access group that allows the access you want. 

Note, there is no "read only" access. You have access to a work item and then permissions for operations.


Ian Wark selected this answer as the correct answer

0 votes

Comments
Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER Mar 06 '17, 3:22 a.m.

 To set the restricted access attribute you could use a JavaScript default value or a follow up action. 

Ian Wark
Mar 06 '17, 5:47 a.m.

Thanks for the feedback. I'm not sure the access group will allow us to control our access the way we need to, however. Here is our scenario:

TeamA
      ----TeamB
                ----TeamC

TeamD
      ----TeamE
                ----TeamF

TeamA can only see its own work items.
TeamB can see TeamA and its own work items.
TeamC can see all work items from TeamA, B, C, D, E, F. (overseeing team)

TeamD can only see its own work items.
TeamE can see TeamD and its own work items.
TeamF can see all work items from TeamA, B, C, D, E, F. (overseeing team)

etc..

Ian Wark
Mar 06 '17, 5:47 a.m.

In this scenario, if we put say members of TeamA and TeamC in an access group, then TeamB will not be able to see TeamA work items. And if we put TeamB and TeamC in an access group, then neither TeamB nor TeamC can see TeamA work items. I can't think of a way to divide up to meet our requirement.

If we use categories, we can create these teams in a hierarchy, so that TeamC can see TeamB and TeamA work items, and TeamB can see TeamA and TeamB work items, and TeamC can see everyone's work items.

But the problem is we need to create a new TeamF with the same users as TeamC to make this work with categories. That means a LOT of extra team areas. We'd love to put those users in e.g. an access group separately which provides access to all work items.. but we can't do category based permissions and access group permissions at the same time (AFAIK).

Not sure how clear that is. Is this scenario possible?

Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER Mar 06 '17, 6:06 a.m.

 You can either use the built in restriction based on categories, or you use access groups.

If you use categories, your requirement above is only doable by assigning users that shall be able to see all work items to team C and to team F. Which, by the way, would be the simlest way to achieve your requirement.

If you use access groups the nesting/structure does not matter. You assign an access group to a work item. The access group specifies which users or teams can see the work item. Note, you need some kind of custom automation to set the access groups, or you would always have to do it manually.
Groups:
AccessA add TeamArea A,B,C,F
AccessAB add TeamArea B,C,F
AccessABC add TeamArea C,F
AccessD add TeamArea D,E,C,F
AccessDE add TeamArea E,C,F
AccessDEF add TeamArea C,F

Work items for team area A get assigned AccessA, for Team B AccessAB and so forth.

1 vote

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 12,020

Question asked: Mar 03 '17, 9:12 p.m.

Question was seen: 1,740 times

Last updated: Mar 06 '17, 6:06 a.m.

Confirmation Cancel Confirm