It's all about the answers!

Ask a question

EWM: How to block users of specific roles to add attachments to a work item of specific type and status?


Ulrich Simon (131) | asked Oct 29 '21, 3:21 a.m.

I have the request to block users to add attachments to work items of a specific type, if the work item is in a defined state and the user has not a specific role.

Users with a specific role may add attachments to this work item, independent of the status, but most users shall be blocked.
Is there any option to fulfill this, without creating an advisor on server side, which checks this?

2 answers



permanent link
Bartosz Chrabski (3.3k12141) | answered Oct 29 '21, 3:26 a.m.
edited Oct 29 '21, 10:21 a.m.

 Hey,


Maybe someone will come here with more clever idea but as far I know the only idea would be using RTC server side extension (custom code) that will check the role, state and file attachment type you are trying to save. This would work in both types of RTC (EWM) clients but will require coding this.


Comments
Ralph Schoon commented Oct 29 '21, 7:27 a.m. | edited Oct 29 '21, 7:43 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

I have looked into the process, and there are individual permissions for Work item attachment creation, deletion, etc.


Bartosz Chrabski commented Oct 29 '21, 10:21 a.m. | edited Oct 29 '21, 10:22 a.m.

 I was thinking about different file types (attachment types like pdf, jpg, png).


Additional problem can be connecting states, that is why I tihnk the only way is to develop it with customer extension.


Ralph Schoon commented Oct 29 '21, 10:44 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

Attachment type is quite fuzzy and not requested. But state and role are and they are the driver needing an advisor.


permanent link
Ralph Schoon (60.5k33643) | answered Oct 29 '21, 7:46 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
edited Oct 29 '21, 7:47 a.m.

 Please go into the web admin UI and go to permissions. Select by role and then type "attachment" to filter the permissions. Remove the permissions to add attachments etc. for all the roles, except the ones that should be allowed. 


This works for me here.


Comments
Ralph Schoon commented Oct 29 '21, 7:52 a.m. | edited Oct 29 '21, 7:55 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

Please note that you can not block users with specific roles to do something. Get the concepts right. Permissions allow a role to perform an operation. Users with a role in a specific context can do what the role permits. In EWM every user has at least the default role "Everyone" and can have multiple additional roles. Multiple roles aggregate permissions. If one role has the permission the user with that role has the permission.


If I have a role "nothing allowed" and a role "all is allowed", then I can do everything.
  


Ulrich Simon commented Oct 29 '21, 8:25 a.m.

Hi Ralph, your solution is working fine, if a user shall not be allowed to create an attachment in any state of the work item. In my case, the user shall be allowed to add an attachment in an early state of the work item, but not in later states. So the rule is not only about the role as well as the state of the work item. And this option is not included in the standard permissions.


Ralph Schoon commented Oct 29 '21, 9:33 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

The built in capabilities do not allow to configure that much details. This would mean an Java Server extension. An Advisor. This is not trivial, but if you want to try, start here:  https://rsjazz.wordpress.com/2015/09/30/learning-to-fly-getting-started-with-the-rtc-java-apis/ and look into the extensions workshop. There is a link to the workshop in the blog.  

Your answer


Register or to post your answer.