Granting a role different permissions for diff asset types
Hi,
I can't seem to use RAM to accomplish the following -- any guidance is appreciated. Let's say I have one role X and two asset types A and B. I want to grant role X In RAM, I can use admin authority to specify However, I cannot find a way to specify different permissions for A and B for the same role X. What am I missing? |
6 answers
No. It depends on the version of RAM and the lifecycle. In 7502 and lower owners, lifecycle Managers/reviewboard Members, and admin can change ownership. In 751, lifecycle managers/review board members, and admin can change ownership. An owner can change ownership only if they are also a lifecycle manager. -- Rich Kulp Rational Asset Manager developer |
Hi, Thanks Rich... can an administrator transfer ownership of an asset from one user to another? |
Hi,
Owners are only individual users. User groups can't be owners. I don't know how to solve your requirement because of this. -- Rich Kulp Rational Asset Manager developer |
Hi,
I have a requirement on asset ownership and am not sure how to fulfill it. By default, RAM makes the submitter of an asset the asset owner. For my requirement, I want the department to which the submitter belongs to become the owner. e.g. If PersonA submits an asset, by default, RAM makes PersonA the owner of that asset. That means PersonA can update and delete the asset. For my requirement, instead of making PersonA the asset owner, I need to make the department to which PersonA belongs the owner. Therefore, if the department has PersonB and PersonC in it as well, PersonA, PersonB, and PersonC all should have update and delete permissions for that asset (submitted by PersonA). I was told RAM has an out-of-the-box "Modify Asset Owner" policy, but reading the documentation of that policy seems to indicate it doesn't do exactly what I want. That out-of-the-box "Modify Asset Owner" policy relies on an attribute of User type to be defined. Then, that attribute has to contain the ID of the owner to be assigned. When the policy runs, RAM will take the value of that attribute and set it as the owner of the asset. My questions are: My questions are: 1. Can that User type attribute contain the ID of a group? 2. If 'yes' to my question #1, how can I extend that out-of-the-box policy to make that attribute contain the ID of a group? 3. If 'yes' to my question #1, how can I extend that out-of-the-box policy to resolve the group to its members? Or, is it necessary to do this resolution? e.g. Can RAM resolve it at the time it enforces access control? Using my example above with PersonA, PersonB, PersonC. Let's say they all belong to "DeptX". Can I set the value of that attribute in the Modify Asset Owner policy to "DeptX" and when PersonB logs on and attempts to do something with the asset, RAM will be able to figure out PersonB belongs to DeptX and DeptX has been assigned as the asset owner, and therefore PersonB should be granted the rights of an asset owner? If what I said above is not easy to do, I would appreciate some guidance on how to satisfy my stated requirement above. Ultimately, I don't want to "hardcode" individuals as owners of assets (for obvious reasons that individuals move around, may leave, etc.). I want to use groups to represent owners of assets and I need RAM to be able to (or allow me to extend it so that it can) resolve those groups to individuals at the time when access control decisions are made/enforced. Thanks |
On 11/8/2011 2:08 PM, jwatbank wrote:
You can't. Permissions are assigned to roles, not the conditions. The conditions on the role only indicate under what conditions the role is active and will give those permissions to assigned users/usergroups. If you want a different set of permissions you need a different role with a different set of conditions to activate it. -- Rich Kulp Rational Asset Manager developer thanks! |
On 11/8/2011 2:08 PM, jwatbank wrote:
You can't. Permissions are assigned to roles, not the conditions. The conditions on the role only indicate under what conditions the role is active and will give those permissions to assigned users/usergroups. If you want a different set of permissions you need a different role with a different set of conditions to activate it. -- Rich Kulp Rational Asset Manager developer |
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.