[RTC/EWM] Is there a way to export permissions for roles & operations?
Hi everybody,
Is there a way (either through Web Client, Eclipse Client, REST API or Plain Java API) to export the permissions for operations per role? We are currently harmonizing two server instances to get a common process template. If there is a way to export that information it will be easier to compare.
Example:
Operation: Create 'Story' work item
Everyone: Not Permitted
Project Lead : Permitted
...
Operation: Create ' Risk' work item
...
Thank you very much
Accepted answer
There is nothing built in, that I am aware of. I can not know this, unless I have done this my self, which I have not.
However, I know that customers have created tools to manage roles and permissions an so I assume you can get at the information if you want to.
- The roles and permissions are in the Process XML as far as I can tell, you can analyze that and create the information you want.
- The Eclipse client provides an editor, so I assume the EWM SDK/plain java client libraries can access the information.
One other answer
Thanks to Ralph I am a few steps further now:
- With the plain Java client libraries I extracted the process XML
- A small Python script (as I am much more used to Python then to Java ;-) ) extracts the necessary information from the XML and places it into a csv file (for easy textual comparison)
I have these follow up questions (whereas I doubt, that there will be a positive answer for all of them):
- I was unable to find further explanation regarding the process XML. What is the difference between the project-configuration section and the team-configuration section? Both contain information about permissions for different roles. And even for roles, which are not available on our instance.
- The default role ID corresponds to the Everybody role?
- From what I can see I assume, that only the actions the role is allowed to do are listed. Is there also a possibility to get all possible actions listed (to deduct the denied permissions)?
Thank you so much for your help.
Comments
If you look into the administration section in the Eclipse client, you see that there are two areas where permissions can be configured. This are the project-configuration section and the team-configuration section. The Web UI glosses over that fact a bit is I am not mistaken.
Everyone role == default Role.
To get all possible actions you could try and use a test area and actively allow a role all actions. Then export that as baseline.
Thank you very much Ralph. I am much more used to the web client. I just started to use the Eclipse client.
> To get all possible actions you could try and use a test area and actively allow a role all actions. Then export that as baseline.
I assume, that selecting all actions would club them together. In our configuration the RTE is allowed to modify all attributes of work items, the PO only a (large) subset. The list of actions for the RTE is shorter as I assume the "any" action hides the details in the XML. I'll try to work around the missing information.