It's all about the answers!

Ask a question

[RTC/EWM] Is there a way to export permissions for roles & operations?

Jochen Widmaier (2217) | asked Feb 18, 7:31 a.m.

 Hi everybody,

Is there a way (either through Web Client, Eclipse Client, REST API or Plain Java API) to export the permissions for operations per role? We are currently harmonizing two server instances to get a common process template. If there is a way to export that information it will be easier to compare.

Operation: Create 'Story' work item
Everyone:          Not Permitted
Project Lead :    Permitted

Operation: Create ' Risk' work item 

Thank you very much

Accepted answer

permanent link
Ralph Schoon (60.7k33643) | answered Feb 18, 7:50 a.m.

There is nothing built in, that I am aware of. I can not know this, unless I have done this my self, which I have not.

However, I know that customers have created tools to manage roles and permissions an so I assume you can get at the information if you want to.

  1.  The roles and permissions are in the Process XML as far as I can tell, you can analyze that and create the information you want.
  2. The Eclipse client provides an editor, so I assume the EWM SDK/plain java client libraries can access the information. 

Jochen Widmaier selected this answer as the correct answer

One other answer

permanent link
Jochen Widmaier (2217) | answered Feb 21, 9:45 a.m.

Thanks to Ralph I am a few steps further now:

- With the plain Java client libraries I extracted the process XML
- A small Python script (as I am much more used to Python then to Java ;-) ) extracts the necessary information from the XML and places it into a csv file (for easy textual comparison)

I have these follow up questions (whereas I doubt, that there will be a positive answer for all of them):
- I was unable to find further explanation regarding the process XML. What is the difference between the project-configuration section and the team-configuration section? Both contain information about permissions for different roles. And even for roles, which are not available on our instance.
- The default role ID corresponds to the Everybody role?
- From what I can see I assume, that only the actions the role is allowed to do are listed. Is there also a possibility to get all possible actions listed (to deduct the denied permissions)?

Thank you so much for your help.

Ralph Schoon commented Feb 21, 10:24 a.m.

If you look into the administration section in the Eclipse client, you see that there are two areas where permissions can be configured. This are the project-configuration section and the team-configuration section. The Web UI glosses over that fact a bit is I am not mistaken.

Everyone role == default Role.
To get all possible actions you could try and use a test area and actively allow a role all actions. Then export that as baseline.

Jochen Widmaier commented Feb 21, 10:52 a.m.

 Thank you very much Ralph. I am much more used to the web client. I just started to use the Eclipse client.

To get all possible actions you could try and use a test area and actively allow a role all actions. Then export that as baseline.
I assume, that selecting all actions would club them together. In our configuration the RTE is allowed to modify all attributes of work items, the PO only a (large) subset. The list of actions for the RTE is shorter as I assume the "any" action hides the details in the XML. I'll try to work around the missing information. 

Your answer

Register or to post your answer.