JazzAdmin repository privilages justification
As with typical large enterprise clients where IBM CLM products are deployed they are likely to be supported by IM/IT and the Tools/Capability team that work closely with business. This brings challenges define where the border lies for IM/IT team and Tools/Capability team as far Jazz privileges are concerned.
In our organisation the IM/IT believe only they should have JazzAdmin privileges which brings support challenges for Tools team supporting business without having JazzAdmin privileges.
I have attempted to compile list below to justify why Tools team would also require JazzAdmin privileges. I would appreciate any feedback from user community on their view on this topic and if they have similar challenges dealing with IM/IT team in regards obtaining appropriate Jazz privileges. thanks in advance.
-
Ability to see private objects -https://jazz.net/forum/questions/179234/component-with-visibility-as-private-could-not-be-searched
-
Ability to see and support all Projects on the server irrespective you are declared a proj admin on it
-
Ability to enable Global Configuration Management
-
Introduction of product lines means that we will have separate projects linked via the use of product lines and the ability to coordinate and manage inter project relationships, gather metrics, build reports etc
-
For other ALM components like RQM, DNG, JRS there are further restrictions imposed (various menu options removed) that Software Capability team would require.
-
Ability to manage Reports, Data Warehouse/JRS
-
Ability to debug certain type of issues
-
Ability to see application status & diagnostic information
-
Ability to see “Manage Application” to aid debugging
-
Ability to see “Manage User” to aid debugging
-
Ability to change certain server settings like increase query display limit
3 answers
Comments
another issue we found was that without JazzAdmin the tools team is not able to see too all work items in a project as some maybe hidden with restricted access control.
I believe with JazzProject admin access, one can add / remove the tools team members to the access group or team area.
yes with JazzProject admin access, one can add / remove the tools team members to the access group or team area but this would be heavy process for enterprise customers which can have hundreds of project area and thousands of team areas. this increase maintainance overhead and time consuming action to add tool teams member to all team areas in CLM instance.
the other observation we made was that with JazzProjectAdmin you are not able to see all work items and streams/component unless you are named user on specific team areas that owns them.
to cut the long story short JazzAdmin access provide CLM instance wide visibility of all artefact required by tools team to support and respond to end user querries.
Comments
Hi Greg
The issues arises when there is an overlap with JazzAdmin rights with IT and Tools teams.
IT/IM team: JazzAdmin rights. Server and OS, maybe database
Tools Team: JazzAdmin rights. Application with full admin rights in the applications
Project teams: JazzUser rights. Users, some have admin rights within their projects
Yes that seems logically on the face it.
However the limitations with JazzProjectAdmin for Tools Team doesn't help the matter.
it appears some organisations grant some member of tools team with JazzAdmin to get around the issues discussed above.