Struggling with project/team hierarchy and its impacts
One of the things we're really struggling with is how the following concepts work together:
1. Project/team hierarchy 2. Permission inheritance 3. Artifact visibility - this includes team dashboards, team queries, streams, & components 4. Stream/component ownership Currently we have a team organization structured like this in our RTC 3.0.1 repository: Project P --- Team A --- Team B --- Team C etc We are currently adding users to both the project area and their specific teams. Each team is for a given release so we also have integration and release streams created for each release and owned by the corresponding team. We want to be able to get the project/team hierarchy and stream/component ownership all correct in such a way that we can: - we can restrict delivery to streams. We want developers to be able to deliver to integration but not release streams. However, they can have read-only access to those release streams. - we can also make managing members of areas easier, if possible. We have some base permissions we want all project team members to have (but not necessarily the same as the Everyone default role since that would be everyone on the repository, correct?) but also assign more permissions to that user in child team areas. So you may have base permissions as a member of Project P but have a greater role which adds a wider set of permissions on Team A. The problem I have is that this is all impacted by how we structure our project/teams and assign ownership and it seems that some of this conflicts when it comes to choosing the implementation. I feel like I need some further guidance here. Is there any resources that someone more experienced would recommend for understanding some of this? I guess the net is that I want to better understand: 1. How does the project/team hierarchy and inheritance impact visibility of team dashboards/queries? 2. How is the default everyone role impacted by permissions assigned to it in a project area when also using access control to limit access to members of the project area hierarchy? For example, if in Project P the default everyone role can create a work item, what is the difference for someone listed as a member of the project with no role vs someone who is not a member of the project? 3. What are the different options for restricting delivery (i.e. write access) to specific streams while still allowing read access to it? Are these the same or different for components? 4. What about options for restricting visibility of streams or components to some users? I think getting help in the form of guidance here in the forum or links to helpful articles will go a long way in helping us determine the right model to follow here. |
5 answers
Each member in a project/team area has the everyone role by default. You can't remove this role from a member. Only members have the concept of ROLE. That is to say, if a user is not a member of a project, he has NO role in this project and he will NOT have the permission that are granted to everyone role in this project.
For permission, you might be interested in this article: https://jazz.net/library/article/32. |
Here is an article about project areas and process you might be interested in:https://jazz.net/library/article/137
|
Regarding this:
Have you looked at this link https://jazz.net/downloads/rational-team-concert/releases/3.0.1?p=news#scm which shows the new RTC 3.0.1 possibility to make components or streams private to a team area (i.e. visible only to members of that team area) ? |
Thanks Christophe and Qiong Feng. I will review these links this weekend. I've read one of the articles about permission lookup behavior already. I will follow up with further clarifications after reviewing.
Regarding this:
Have you looked at this link https://jazz.net/downloads/rational-team-concert/releases/3.0.1?p=news#scm which shows the new RTC 3.0.1 possibility to make components or streams private to a team area (i.e. visible only to members of that team area) ? |
Geoffrey Clemm (30.1k●3●30●35)
| answered Nov 11 '11, 11:38 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Note that for Permissions and Operation Behavior, the search goes up the
team area parent chain, so in a child team area, you get all the permissions that you are granted by your roles in the parent team areas. Cheers, Geoff On 11/11/2011 4:23 AM, huangqf wrote: Each member in a project/team area has the everyone role by default. |
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.