It's all about the answers!

Ask a question

Why is JazzGuests repository permission not enough to run GET requests on Reportable REST API?


Ian Wark (79713450) | asked Aug 26 '20, 10:58 p.m.
edited Aug 26 '20, 11:26 p.m.

When we run a command such as the below from the Process REST API, it displays results with JazzGuests repository permission. https://jazz.ibm.com:9443/ccm/process/project-areas/_BHMXYN04EeqfiuFpzi3eFQ/roles

Conditions:
User has JazzGuests repository permission.
User is added as a team member in the relevant project area.
No license is given to the user, as they are using JazzGuests.

When we try to do commands such as the below (under the same conditions) with the non-DNG Reportable REST API (https://jazz.net/wiki/bin/view/Main/ReportsRESTAPI) it fails with the below permissions error.

https://jazz.ibm.com:9443/ccm/rpt/repository/foundation?fields=projectArea/projectArea/roles/name

https://jazz.ibm.com:9443/ccm/rpt/repository/workitem?fields=workitem/workItem/itemHistory/(id|modified|(state/name)|(modifiedBy/(uniqueId|userId)))

This is the error returned:

Error 500: CRRED8021E: Internal Repository Error Caused by: [User "al" does not have the required permission to perform this operation. The "JazzUsers" repository permission is required to perform this operation.]

Our understanding is that JazzGuests have read-only access to the repository and we are only performing REST GET operations here, so we are wondering why the JazzUsers repository permission is required.

Could someone enlighten us?




Comments
Ian Barnard commented Sep 01 '20, 8:43 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

Did you try with an appropriate license allocated to the user?


Ian Wark commented Sep 01 '20, 7:50 p.m.

The point of JazzGuests (I understand) is that you do not wish to assign a license. The other repository roles provide some write permissions that require a license.

3 answers



permanent link
Ian Wark (79713450) | answered Sep 08 '20, 3:14 a.m.
The reason why you can't run the Repository REST API with JazzGuests is the API tries to generate and save information when you make a call.

It seems to be related to the com.ibm.rational.dataservices.framework.impl.ResourceProxyXMLGenerator class. The save requires JazzUsers repository permission. If the implementation is altered to not require save, JazzGuests should be able to run the Repository REST API.  (This is why you can run the Process REST API with JazzGuests.)

I created this RFE.

Allow JazzGuests to run GET on Repository REST API
http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=145080

Since JazzGuests has not been documented clearly, I also raised a documentary work item.

Please document JazzGuests repository permission
https://jazz.net/jazz/web/projects/Rational%20Team%20Concert#action=com.ibm.team.workitem.viewWorkItem&id=515704


permanent link
Bartosz Chrabski (3.4k12648) | answered Aug 27 '20, 4:49 p.m.

 Hi Ian,


You are right that, JazzGuest repository role only gives you read-only access to data. I suggest checking if user 'al' is added to the project as a member. Just check if 'al' is added on the project not a team level.


Comments
Ian Wark commented Aug 27 '20, 8:24 p.m.

That doesn't answer the question of Why? In the above we are only performing read-only operations. As I note above, user 'al' is added to one project as a member. Although there are other CCM project areas in the repository. But I don't think adding him to every project area in the repository is the solution. We are thinking that JazzGuests should be able to perform these GET operations. If this is working as designed, please explain why.


permanent link
Geoffrey Clemm (30.1k33035) | answered Aug 28 '20, 11:00 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

I don't have an authoritative answer to this question, but I expect that at least part of the answer is that running these queries against the applications can produce significant load on those applications, and you don't want unlicensed "guests" to be producing that load.  For example, all jazz.net users are given JazzGuest repository permission, but we don't want those tens of thousands of jazz.net guest users to be loading up the development applications with those queries.

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.