Why is JazzGuests repository permission not enough to run GET requests on Reportable REST API?
When we run a command such as the below from the Process REST API, it displays results with JazzGuests repository permission. https://jazz.ibm.com:9443/ccm/process/project-areas/_BHMXYN04EeqfiuFpzi3eFQ/roles
Conditions:
User has JazzGuests repository permission.
User is added as a team member in the relevant project area.
No license is given to the user, as they are using JazzGuests.
When we try to do commands such as the below (under the same conditions) with the non-DNG Reportable REST API (https://jazz.net/wiki/bin/view/Main/ReportsRESTAPI) it fails with the below permissions error.
https://jazz.ibm.com:9443/ccm/rpt/repository/foundation?fields=projectArea/projectArea/roles/name
https://jazz.ibm.com:9443/ccm/rpt/repository/workitem?fields=workitem/workItem/itemHistory/(id|modified|(state/name)|(modifiedBy/(uniqueId|userId)))
This is the error returned:
Error 500: CRRED8021E: Internal Repository Error Caused by: [User "al" does not have the required permission to perform this operation. The "JazzUsers" repository permission is required to perform this operation.]
Our understanding is that JazzGuests have read-only access to the repository and we are only performing REST GET operations here, so we are wondering why the JazzUsers repository permission is required.
Could someone enlighten us?
3 answers
I don't have an authoritative answer to this question, but I expect that at least part of the answer is that running these queries against the applications can produce significant load on those applications, and you don't want unlicensed "guests" to be producing that load. For example, all jazz.net users are given JazzGuest repository permission, but we don't want those tens of thousands of jazz.net guest users to be loading up the development applications with those queries.
Hi Ian,
Comments
That doesn't answer the question of Why? In the above we are only performing read-only operations. As I note above, user 'al' is added to one project as a member. Although there are other CCM project areas in the repository. But I don't think adding him to every project area in the repository is the solution. We are thinking that JazzGuests should be able to perform these GET operations. If this is working as designed, please explain why.
http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=145080
Since JazzGuests has not been documented clearly, I also raised a documentary work item.
Please document JazzGuests repository permission
https://jazz.net/jazz/web/projects/Rational%20Team%20Concert#action=com.ibm.team.workitem.viewWorkItem&id=515704
Comments
Ian Barnard
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER Sep 01 '20, 8:43 a.m.Did you try with an appropriate license allocated to the user?
Ian Wark
Sep 01 '20, 7:50 p.m.The point of JazzGuests (I understand) is that you do not wish to assign a license. The other repository roles provide some write permissions that require a license.