It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Follow this question
Question details

×42,549
×10,624
×1,267
×92
×21
×1

question asked: Feb 18 '22, 7:31 a.m.
question was seen: 653 times
last updated: Feb 21 '22, 10:52 a.m.

Related questions

FAQ - How this Forum works

[RTC/EWM] Is there a way to export permissions for roles & operations?

0
Jochen Widmaier (2219) | asked Feb 18 '22, 7:31 a.m.

 Hi everybody,

Is there a way (either through Web Client, Eclipse Client, REST API or Plain Java API) to export the permissions for operations per role? We are currently harmonizing two server instances to get a common process template. If there is a way to export that information it will be easier to compare.

Example:
Operation: Create 'Story' work item
Everyone:          Not Permitted
Project Lead :    Permitted
...

Operation: Create ' Risk' work item 
...

Thank you very much

Accepted answer

0
permanent link
Ralph Schoon (62.0k33643) | answered Feb 18 '22, 7:50 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

There is nothing built in, that I am aware of. I can not know this, unless I have done this my self, which I have not.


However, I know that customers have created tools to manage roles and permissions an so I assume you can get at the information if you want to.

  1.  The roles and permissions are in the Process XML as far as I can tell, you can analyze that and create the information you want.
  2. The Eclipse client provides an editor, so I assume the EWM SDK/plain java client libraries can access the information. 


Jochen Widmaier selected this answer as the correct answer

One other answer

Most liked answers ↑|Newest answers|Oldest answers

0
permanent link
Jochen Widmaier (2219) | answered Feb 21 '22, 9:45 a.m.

Thanks to Ralph I am a few steps further now:

- With the plain Java client libraries I extracted the process XML
- A small Python script (as I am much more used to Python then to Java ;-) ) extracts the necessary information from the XML and places it into a csv file (for easy textual comparison)

I have these follow up questions (whereas I doubt, that there will be a positive answer for all of them):
- I was unable to find further explanation regarding the process XML. What is the difference between the project-configuration section and the team-configuration section? Both contain information about permissions for different roles. And even for roles, which are not available on our instance.
- The default role ID corresponds to the Everybody role?
- From what I can see I assume, that only the actions the role is allowed to do are listed. Is there also a possibility to get all possible actions listed (to deduct the denied permissions)?

Thank you so much for your help.


Comments
Ralph Schoon commented Feb 21 '22, 10:24 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

If you look into the administration section in the Eclipse client, you see that there are two areas where permissions can be configured. This are the project-configuration section and the team-configuration section. The Web UI glosses over that fact a bit is I am not mistaken.

Everyone role == default Role.
To get all possible actions you could try and use a test area and actively allow a role all actions. Then export that as baseline.

Jochen Widmaier commented Feb 21 '22, 10:52 a.m.

 Thank you very much Ralph. I am much more used to the web client. I just started to use the Eclipse client.


To get all possible actions you could try and use a test area and actively allow a role all actions. Then export that as baseline.
I assume, that selecting all actions would club them together. In our configuration the RTE is allowed to modify all attributes of work items, the PO only a (large) subset. The list of actions for the RTE is shorter as I assume the "any" action hides the details in the XML. I'll try to work around the missing information. 

Your answer

Register or to post your answer.