It's all about the answers!

Ask a question

Duplicated permissions across components

Harrison Vince (35116) | asked Nov 11 '19, 11:35 p.m.

We are using multiple (say three) components in our project, each with one stream. Each component/stream defines a 'Requirement' artifact type, where the URI for each 'Requirement' is the same across each component. 

When setting the 'Save Artifact' permissions for the 'Requirement' artifact, it appears three times in the list - one for each stream. I would have imagined that it would only appear once, as the URI is the same for all.

Am I doing something wrong? This seems to be an issue to me, when you have your system requirements broken down into a number of components, how are you supposed to manage artifact and attribute permissions efficiently?

2 answers

permanent link
Valerie Lampkin (913) | answered Nov 12 '19, 8:48 a.m.

I believe this is working as designed so that you have the granularity to have different users working on the individual streams.

Harrison Vince commented Nov 12 '19, 5:31 p.m.

Thanks Valerie, this is interesting. This means that, for stream level permissions, the same level of fidelity can be achieved with both roles and team areas:

  1. A role can be created per stream, where each role grants permissions for one '_Requirement' artifact.
  2. Team areas are created per stream, with all artifacts in a stream being assigned the corresponding team area. One is created which grants permissions for all '_Requirement' artifacts at the project level. Users are then assigned the author role in certain team areas.
Our database is quite large, do you know if there is a recommended approach to the best way of doing this?

Harrison Vince commented Nov 12 '19, 5:32 p.m.

 There is also the possibiltity of setting permissions at the team area level, which I havnt touched on here.

permanent link
Stefan Oblinger (185213) | answered Nov 13 '19, 2:19 a.m.
All companies I know aim for a common RM datamodel. Otherwise you would end up with a mess in LQE and with your overall reporting. But efficient sharing and maintenance of datamodel-specific permissions is not possible "by design" (133158: DNG Roles / Permissions incorrectly set if using customised process templates in Configuration Enabled Project Areas). 

We expect that we will end up with several hundreds (maybe thousands) of streams in future. But we miss efficient maintenance of a common datamodel and datamodel-specific permissions. Inheritance of datamodel-specific permissions by "Process Sharing" does not work if PAs are configuration enabled.

I see two options how to deal with this issue:
- Avoid datamodel-specific permissions
- Custom Tooling/Scripting

I appreciate any additional idea or hint concerning this topic.

Your answer

Register or to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.