Permissions for delivering to a particular stream ?
Suppose that in a Project Area, there are two streams:
- The "Back-End Stream" is owned by "Back-End Team". In this team, there are David and Mary.
- The "Integration Stream" is owned by "Integration Team". There are Michael and Gabriel in this team.
I would like to restrict the permissions on delivering codes of David and Mary. They can only deliver change-sets in the "Back-End Stream" and not in the "Integration Stream". While Michael and Gabriel can deliver change-sets in both streams.
How can I implement these restrictions ?
- The "Back-End Stream" is owned by "Back-End Team". In this team, there are David and Mary.
- The "Integration Stream" is owned by "Integration Team". There are Michael and Gabriel in this team.
I would like to restrict the permissions on delivering codes of David and Mary. They can only deliver change-sets in the "Back-End Stream" and not in the "Integration Stream". While Michael and Gabriel can deliver change-sets in both streams.
How can I implement these restrictions ?
3 answers
You would have to add Gabriel and Mary to the Back-End Team. That should do it, then adjust the permissions in the process specification to restrict deliveries to only defined roles in each team.
Team membership in Jazz don't inherit or cascade upwards, if you take the following example:
Project P1
Team T1
Team T11
Team T2
Just because someone is on team T1, it doesn't mean that they are also on team T11 and vice-versa. This means that to deliver to a stream owned by T11 you would have to be on that team.
I must admit that our documentation isn't great in this area, but we will improve over the next months to better explain how our current permission model works.
Team membership in Jazz don't inherit or cascade upwards, if you take the following example:
Project P1
Team T1
Team T11
Team T2
Just because someone is on team T1, it doesn't mean that they are also on team T11 and vice-versa. This means that to deliver to a stream owned by T11 you would have to be on that team.
I must admit that our documentation isn't great in this area, but we will improve over the next months to better explain how our current permission model works.
Given the project/team structure you describe, you could assign these
permissions like so:
1. In the project area, create a "contributor" role and grant
permissions for this role to deliver code. For example:
<process-specification>
<role-definitions>
<role-definition role-id="contributor" cardinality="many"
description="A team member who may release changes to the team's streams
in the repository."/>
</role-definitions>
<team-configuration>
<permissions>
<operation id="com.ibm.team.scm.server.deliver">
<action id="any"/>
</operation>
</permissions>
</team-configuration>
</process-specification>
2. Assign Michael and Gabriel the contributor role at the project area
level.
3. Assign David and Mary the contributor role in the "Back-End Team"
team area.
Role assignments are inherited down the hierarchy, so the role assigned
to Michael and Gabriel will apply in all team areas. David and Mary's
assignment will only apply to the "Back-End" team area (and any child
team areas that you might add later).
- Jared
daclan wrote:
permissions like so:
1. In the project area, create a "contributor" role and grant
permissions for this role to deliver code. For example:
<process-specification>
<role-definitions>
<role-definition role-id="contributor" cardinality="many"
description="A team member who may release changes to the team's streams
in the repository."/>
</role-definitions>
<team-configuration>
<permissions>
<operation id="com.ibm.team.scm.server.deliver">
<action id="any"/>
</operation>
</permissions>
</team-configuration>
</process-specification>
2. Assign Michael and Gabriel the contributor role at the project area
level.
3. Assign David and Mary the contributor role in the "Back-End Team"
team area.
Role assignments are inherited down the hierarchy, so the role assigned
to Michael and Gabriel will apply in all team areas. David and Mary's
assignment will only apply to the "Back-End" team area (and any child
team areas that you might add later).
- Jared
daclan wrote:
Suppose that in a Project Area, there are two streams:
- The "Back-End Stream" is owned by "Back-End
Team". In this team, there are David and Mary.
- The "Integration Stream" is owned by "Integration
Team". There are Michael and Gabriel in this team.
I would like to restrict the permissions on delivering codes of David
and Mary. They can only deliver change-sets in the "Back-End
Stream" and not in the "Integration Stream". While
Michael and Gabriel can deliver change-sets in both streams.
How can I implement these restrictions ?