It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Guidelines | FAQ
Follow this question
Question details

×42,884

question asked: Jan 30 '08, 10:02 a.m.
question was seen: 4,504 times
last updated: Jan 30 '08, 10:02 a.m.

Related questions

default role/permission: how to completely restrict access?

0
Massimiliano Celli (2633) | asked Jan 30 '08, 10:02 a.m.
Hi all

my need is the following:

- I have 2 different Project Area (P1 and P2)
- I create User U1 and assign it to Team Area A1 of Project P1
- I want User U1 is not allowed to do anything in Project Area P2 so to restrict access on source code and any artifacts belonging to the Project P2 only to limited/well-defined users.

Inside the Process Specification editor for P2 I emptied all the <permission> sections related to <role id="default">

<role id="default"> </role>

I would expect that since U1 is even not known into the Project Area P2, it couldn't connect to P2
while the behavior is:
- U1 is able to connect to P2
- U1 is able to browse all the structure tree inside P2 into the Team Artifacts view
- U1 is able to run existing queries
- U1 is able to browse the Streams and download source code in P2
- ...

Could anybody explain me why this happens and, more important, how to change the Process Specs to meet my requirement?

thank you so much in advance.
ciao, max

3 answers

Most liked answers ↑|Newest answers|Oldest answers

0
permanent link
Kai-Uwe Maetzel (85611) | answered Jan 30 '08, 12:08 p.m.
JAZZ DEVELOPER
We currently do not support read access restrictions in RTC and will not
do so for 1.0. If a user can log into a repository, the user can connect
to any project area, read work items, etc. However, only user who are
members of the right areas and have assigned appropriate roles can make
modifications.

Kai
Jazz Process Component, Jazz PMC

mcelli wrote:
Hi all

my need is the following:

- I have 2 different Project Area (P1 and P2)
- I create User U1 and assign it to Team Area A1 of Project P1
- I want User U1 is not allowed to do anything in Project Area P2 so
to restrict access on source code and any artifacts belonging to the
Project P2 only to limited/well-defined users.

Inside the Process Specification editor for P2 I emptied all the
permission> sections related to <role
id="default"

role id="default"> </role

I would expect that since U1 is even not known into the Project Area
P2, it couldn't connect to P2
while the behavior is:
- U1 is able to connect to P2
- U1 is able to browse all the structure tree inside P2 into the Team
Artifacts view
- U1 is able to run existing queries
- U1 is able to browse the Streams and download source code in P2
- ...

Could anybody explain me why this happens and, more important, how to
change the Process Specs to meet my requirement?

thank you so much in advance.
ciao, max
0
permanent link
Massimiliano Celli (2633) | answered Jan 31 '08, 8:15 a.m.
oh my G
that doesn't sound a good news to me :-(

do you know if I can open an enhancement request to enable this kind of behavior?

can you suggest any kind of method to work this issue around?
e.g. create different repositories on the same server or something like that.

ciao, max
0
permanent link
Frank Gerhardt (9144) | answered Mar 10 '08, 8:28 p.m.
Hallo Kai,

Kai-Uwe Maetzel schrieb:
We currently do not support read access restrictions in RTC and will not
do so for 1.0. If a user can log into a repository, the user can connect
to any project area, read work items, etc. However, only user who are
members of the right areas and have assigned appropriate roles can make
modifications.

Oh, that surprises and worries me. As a small ISV I work for multiple
customers at the same time and their data must be separate.
Non-disclosure is part of almost every legal contract. They must not see
anything of another client's project.

To separate different client projects I could run separate Jazz servers
for every project.
Well, there might be a free version. Then I need only more memory.

But from what I have seen I think I will want the full commercial
version. I hope the licensing will be ISV friendly. Getting a commercial
license for every one of my clients to keep the data separate will be a
no go for Jazz.

Frank.

Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.