RegisterLog In to Jazz.net dW

It's all about the answers!

Ask a question

JazzProjectAdmin permissions


V Niranjan (71375) | asked Aug 07 '12, 1:35 a.m.
Hi

CLM 3.0.1.2.

We have a customer who need's to setup permissions at the JazzProjectAdmin level.

For example Lets say there is a user (USERA) who is a part of the JazzprojectAdmin group and is  authorized to administer PROJECTA.

If there is another  project area PROJECTB  the user (USERA) is able to view the data of this project even though this user is not a part of this project. This is something which the customer does not want and considers it a breach.

The customer understands that there are permissions which can be setup at the project level.

Is there a way to setup that a user who is a part of the JAzzPRojectAdmin repository group is not able to view the data of some other project which he is not a part of it?

Regards
V.Niranjan


Accepted answer


link
Jared Burns (4.2k18) | answered Aug 07 '12, 7:43 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
The assertion that JazzProjectAdmins can read all project areas is mistaken. Only users in the JazzAdmins repository group have elevated read permissions.

You should work with your customer to understand why their USERA is able to access PROJECTB.

The answer will be one of the following. Either:
- PROJECTB's visibility is set to "Everyone"
- PROJECTB's visibility is set to "Members of the project area hierarchy" and USERA is a member
- PROJECTB's visibility is set to "Users in the access list" and USERA is in the access list
- USERA is a project administrator on PROJECTB

Otherwise, USERA will not be able to access PROJECTB.
Jared Burns selected this answer as the correct answer

2 other answers



link
Andrew Codrington (1693411) | answered Aug 07 '12, 10:35 a.m.
JazzProjectAdmin gives very broad permissions.
We've been able to get a lot done by assigning a regular JazzUser as a project administrator at the Project Area level.
e.g. make USERA a project administrator on the Overview tab in Project Area Administration of PROJECTA.
Then you can lock down PROJECTB to restrict USERA's access to whatever level you need.

Comments
Chris Goldthorpe commented Aug 07 '12, 1:21 p.m.
JAZZ DEVELOPER
I agree with this answer - JazzProjectAdmin should be assigned only to users who need to be able to create project areas or perform other administrative functions.

1
Jared Burns commented Aug 07 '12, 7:50 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Just to be clear, JazzProjectAdmins have the following additional permissions over a JazzUser: 1. They can create project areas. 2. They can edit process templates. 3. They can modify any project area they have access to, regardless of what the role-based permissions say.

-1
link
V Niranjan (71375) | answered Aug 09 '12, 3:30 a.m.
Hi Jared

I agree with you. Here actually the customer is having one central server for CLM for the entire organization and hence does not want to give JazzProjectAdmin access to multiple people as they may view at other project's data.

Regards
V.Niranjan

Comments
Jared Burns commented Aug 09 '12, 12:12 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
I think you may have misread my answer to this question. JazzProjectAdmin does *not* grant read access to project areas.

Your answer


Register or log in to post your answer.