Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

How to implement access control on web

Questions
Tags
Users
Badges
yu wang
(48816245) Nov 26 '22, 9:31 p.m.

 

user-a   have the following defect:
          defect-d1
          defect-d2

user-b   have the following defect:
          defect-d3
          defect-d4
user-a can't access  defect-d3 and  defect-d4,user-b  can't  access defect-d1 and  defect-d2
How to  implement it?

I want to use elm workflow on public internet .

0 votes

3 answers
1,638 views
0 votes

3 answers

Permanent link
Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER (63.9k33648) Nov 28 '22, 2:51 a.m.

 To my knowledge, EWM does not provide a user based permission mechanism as suggested above. 

Here are some links to what EWM can do: https://jazz.net/library/article/554

I have written up, what mechanisms there are and how to provide more automation here: https://rsjazz.wordpress.com/2016/01/27/manage-access-control-permissions-for-work-items-and-versionables/  

1 vote

Comments
yu wang
Nov 30 '22, 7:15 a.m.

 Thank you very much.


One sub team only have one user.

Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER Nov 30 '22, 3:12 a.m.

How would that scale? You would have to maintain many teams. You can play with it however. Access groups are also an option, but do not have built in automation.

Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER Nov 30 '22, 3:14 a.m.

How would that scale? You would have to maintain many teams. You can play with it however. Access groups are also an option, but do not have built in automation. Same scalability concerns apply. 

Also, why would someone use work items if only they can see it? 

yu wang
Nov 30 '22, 7:18 a.m.

 I want to use ELM workflow on public internet .

Many customers use the same ELM Workflow ,but a customer can't see other customer defects.

Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER Nov 30 '22, 7:39 a.m.

Please consider using comments on answers, instead of always writing more answers to your own question. 

Davyd Norris
Nov 30 '22, 7:33 p.m.
Creating a sub team for each client is what I have previously done. While there may be a single user in the sub team on the client side, you will also have internal team members assigned there as well so that they get notified of client changes etc.

There is some maintenance getting this set up initially but then it's pretty simple to keep going. Your top level categories will reflect the client name and that makes it very easy to see and manage work items across many clients or within a single client

showing 5 of 6 show 1 more comments
Permanent link
Davyd Norris
(3.0k217) Nov 28 '22, 5:18 p.m.
As Ralph mentioned, you can't control visibility on a user basis - it's done on a team basis.

Set up sub teams, create a set of categories, and then map a sub team to the categories. Then on each category you can:
- "Restrict Category Visibility", which hides the Category from all but members of the associated Team
- "Restrict Work Item Access", which hides Work Items assigned to this Category from all but members of the associated Team
- "Use As Default", which makes the Category the one selected by default when a user in that sub team creates a new Work Item

1 vote

Permanent link
Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER (63.9k33648) edited
Nov 30 '22, 7:44 a.m.

 I think we have answered what options you have already at least twice.

  1. You can set up category based restricted access and manage the members of the teams that can see the shared work items in team areas associated with the category.  Teams can have one or more members. See the links above. Note that users not member of such a team can not see the work items filed against that team.
  2. You can manage access groups where each access group has one or more members (including project or team areas). You can set the restricted access of each work item to an access group and only the members of that access group can see the work item. There is no automation for this, but it would be possible to write a follow up action to automate this. See my blog links for how that would work. The amount of access groups might be limited, but I know a customer who is using this for at least SCM access.
I will stay with my comment: access management, where only one person has access is pointless and EWM is not designed for this. EWM is designed to share to be able to work together. There are capabilities to limit access to team areas or access groups for more fine grained control. 

0 votes

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details

Question asked: Nov 26 '22, 9:31 p.m.

Question was seen: 1,638 times

Last updated: Nov 30 '22, 7:33 p.m.

Confirmation Cancel Confirm