
Question on Project Area access restriction


Steven Pogue (7142) | asked Oct 27 '09, 9:46 a.m.
I have an RTC 2.0 server set up to host multiple project areas. Some of them are configured for "Everyone" access while others are more restrictive.

For the more restrictive ones, if a user who has not been granted access tries to access that project area via the WebUI, they will be redirected to the Project Area listing. I would prefer that they see a message indicating that they do not have access rights to that project area. Is there a way to have this type of behavior?

5 answers



Shivank Arya (19141) | answered Oct 28 '09, 12:26 a.m.
JAZZ DEVELOPER
At present, RTC does not have a mechanism to display an informative message if a user tries to access a project area for which he does not have access rights.
A user can only view project areas for which he has been granted access rights. And if he tries to access any project area where he does not have read access through a URL in web UI, he will be redirected to Project Area Listing.

-Shivank
Jazz Process Team

Steven Pogue (7142) | answered Oct 28 '09, 8:22 a.m.
That's unfortunate since we have static bookmarks in our solution that aren't sensitive to user access rights in RTC. Can a work item be opened to at least provide an intermediate information box prior to the redirect?

Geoffrey Clemm (30.1k33035) | answered Oct 28 '09, 8:43 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Note that some customers would consider it a security problem to produce
an error message of the form "you don't have read access to this
project" because it exposes the fact that the project exists.

Regards,
Geoff

spogue wrote:
That's unfortunate since we have static bookmarks in our solution that
aren't sensitive to user access rights in RTC. Can a workitem be
opened to at least provide an intermediate information box prior to
the redirect?

At present, RTC does not have a mechanism to display informative
message if a user tries to access a project area for which he does
not have access rights.
A user can only view project areas for which he has been granted
access rights. And if he tries to access any project area where he
does not have read access through a URL in web UI, he will be
redirected to Project Area Listing.
-Shivank
Jazz Process Team

Steven Pogue (7142) | answered Oct 28 '09, 1:57 p.m.
In our situation, the projects are known via a front-end portal. Relative to your concern, the message can certainly be phrased to leave that ambiguous, such as with userid/password validation... "The information is either incorrect or not available"...

Redirecting without a message appears more like a bug to an average user.

Jared Burns (4.5k29) | answered Nov 18 '09, 9:09 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
On Wed, 28 Oct 2009 18:07:58 +0000, spogue wrote:

In our situation, the projects are known via a front-end portal.
Relative to your concern, the message certainly be phrased to leave that
ambiguous, such as with userid/password validation...."The information
is either incorrect or not available"...

Redirecting without a message appears more like a bug to an average
user.

If you hit a URL that specifies a project area that can't be found (for
whatever reason), it seems reasonable that we could show an error
message. Please file an enhancement request for this.

--
Jared Burns
Jazz Process Team
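
The trade-off discussed in this thread, as an added example that is not part of any post and is not RTC code: a handler that shows a message instead of silently redirecting, but returns the same response whether the project area does not exist or the user lacks read access, and records the real reason only in the server log. The function name, project names, users and message text are hypothetical.

```python
import logging
from dataclasses import dataclass

log = logging.getLogger("project_access")

# Constructed sample data: project area name -> user ids with read access.
# "*" stands for the "Everyone" setting mentioned in the question.
PROJECT_READERS = {
    "Public Tools": {"*"},
    "Restricted Payroll": {"alice"},
}


@dataclass(frozen=True)
class Response:
    status: int
    body: str


# One response for both "no such project area" and "no read access", so the
# reply cannot be used to learn which restricted project areas exist.
UNAVAILABLE = Response(404, "The project area is either incorrect or not available.")


def open_project_area(user: str, name: str) -> Response:
    """Return the project page, or the same generic reply for every failure."""
    readers = PROJECT_READERS.get(name)
    if readers is None:
        reason = "unknown project area"
    elif "*" in readers or user in readers:
        return Response(200, f"Project area: {name}")
    else:
        reason = "read access denied"
    # The real reason goes to the server log only, where administrators can
    # use it to help a user whose bookmark no longer works.
    log.warning("user=%r project=%r result=%s", user, name, reason)
    return UNAVAILABLE
```
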
