default role/permission: how to completely restrict access?
Hi all
my need is the following:
- I have 2 different Project Area (P1 and P2)
- I create User U1 and assign it to Team Area A1 of Project P1
- I want User U1 is not allowed to do anything in Project Area P2 so to restrict access on source code and any artifacts belonging to the Project P2 only to limited/well-defined users.
Inside the Process Specification editor for P2 I emptied all the <permission> sections related to <role id="default">
<role id="default"> </role>
I would expect that since U1 is even not known into the Project Area P2, it couldn't connect to P2
while the behavior is:
- U1 is able to connect to P2
- U1 is able to browse all the structure tree inside P2 into the Team Artifacts view
- U1 is able to run existing queries
- U1 is able to browse the Streams and download source code in P2
- ...
Could anybody explain me why this happens and, more important, how to change the Process Specs to meet my requirement?
thank you so much in advance.
ciao, max
my need is the following:
- I have 2 different Project Area (P1 and P2)
- I create User U1 and assign it to Team Area A1 of Project P1
- I want User U1 is not allowed to do anything in Project Area P2 so to restrict access on source code and any artifacts belonging to the Project P2 only to limited/well-defined users.
Inside the Process Specification editor for P2 I emptied all the <permission> sections related to <role id="default">
<role id="default"> </role>
I would expect that since U1 is even not known into the Project Area P2, it couldn't connect to P2
while the behavior is:
- U1 is able to connect to P2
- U1 is able to browse all the structure tree inside P2 into the Team Artifacts view
- U1 is able to run existing queries
- U1 is able to browse the Streams and download source code in P2
- ...
Could anybody explain me why this happens and, more important, how to change the Process Specs to meet my requirement?
thank you so much in advance.
ciao, max
3 answers
We currently do not support read access restrictions in RTC and will not
do so for 1.0. If a user can log into a repository, the user can connect
to any project area, read work items, etc. However, only user who are
members of the right areas and have assigned appropriate roles can make
modifications.
Kai
Jazz Process Component, Jazz PMC
mcelli wrote:
do so for 1.0. If a user can log into a repository, the user can connect
to any project area, read work items, etc. However, only user who are
members of the right areas and have assigned appropriate roles can make
modifications.
Kai
Jazz Process Component, Jazz PMC
mcelli wrote:
Hi all
my need is the following:
- I have 2 different Project Area (P1 and P2)
- I create User U1 and assign it to Team Area A1 of Project P1
- I want User U1 is not allowed to do anything in Project Area P2 so
to restrict access on source code and any artifacts belonging to the
Project P2 only to limited/well-defined users.
Inside the Process Specification editor for P2 I emptied all the
permission> sections related to <role
id="default"
role id="default"> </role
I would expect that since U1 is even not known into the Project Area
P2, it couldn't connect to P2
while the behavior is:
- U1 is able to connect to P2
- U1 is able to browse all the structure tree inside P2 into the Team
Artifacts view
- U1 is able to run existing queries
- U1 is able to browse the Streams and download source code in P2
- ...
Could anybody explain me why this happens and, more important, how to
change the Process Specs to meet my requirement?
thank you so much in advance.
ciao, max
Hallo Kai,
Kai-Uwe Maetzel schrieb:
Oh, that surprises and worries me. As a small ISV I work for multiple
customers at the same time and their data must be separate.
Non-disclosure is part of almost every legal contract. They must not see
anything of another client's project.
To separate different client projects I could run separate Jazz servers
for every project.
Well, there might be a free version. Then I need only more memory.
But from what I have seen I think I will want the full commercial
version. I hope the licensing will be ISV friendly. Getting a commercial
license for every one of my clients to keep the data separate will be a
no go for Jazz.
Frank.
Kai-Uwe Maetzel schrieb:
We currently do not support read access restrictions in RTC and will not
do so for 1.0. If a user can log into a repository, the user can connect
to any project area, read work items, etc. However, only user who are
members of the right areas and have assigned appropriate roles can make
modifications.
Oh, that surprises and worries me. As a small ISV I work for multiple
customers at the same time and their data must be separate.
Non-disclosure is part of almost every legal contract. They must not see
anything of another client's project.
To separate different client projects I could run separate Jazz servers
for every project.
Well, there might be a free version. Then I need only more memory.
But from what I have seen I think I will want the full commercial
version. I hope the licensing will be ISV friendly. Getting a commercial
license for every one of my clients to keep the data separate will be a
no go for Jazz.
Frank.