Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

Question regarding roles and permissions

We began our project area using the Eclipse Way Process and have done some customization, including the addition of new roles. Now, we'd like to assign permissions to those roles and take away permissions from the "Everyone" role. When we do this, we don't get the desired results.

Here is the scenario:

1. My teammate created the project area.
2. His id appears in the "Members" list on the project area page.
3. He created the teams.
4. He assigned me the "TechPM" role (one of our new roles) and added me to a couple of the team areas. My ID is not in the "Members" list on the project area page.
5. He changed the Project Configuration Permissions to allow only the TechPM role to "Save Project Area".
6. I updated the description on the Project Area page and tried to save it.
7. I get a "Permission Denied" error.

We have played around and see that if he puts me in the "Members" section on the Project Area page with the TechPM role, then I can save the Project Area.

I don't understand why that is necessary. The text on the Project Configuration Permissions page says that "A user can perform all actions granted to any of their assigned roles." To me, this implies that if I am assigned a role in any team, then I have the ability to do the actions that role can do.

What am I missing?

0 votes



One answer

Permanent link
Hi, Karen.

Role assignments in Jazz are inherited down the team area hierarchy, but
not up it.

So if you are assigned a role like "project manager" in the project
area, you will be considered a project manager in all team areas. But if
some leaf team area declares that you are a "project manager", you don't
suddenly gain escalated privileges through the entire project: you would
only be considered a project manager for that team and any sub-teams.

If you're interested, you can read all about the gory details of
permission lookup on these wiki pages:
https://jazz.net/wiki/bin/view/Main/ProcessPermissionsLookup
https://jazz.net/wiki/bin/view/Main/ProcessBehaviorLookup

Jared Burns
Jazz Process Team


wittlander wrote:
We began our project area using the Eclipse Way Process and have done
some customization, including the addition of new roles. Now, we'd
like to assign permissions to those roles and take away permissions
from the "Everyone" role. When we do this, we don't get
the desired results.

Here is the scenario:

1. My teammate created the project area.
2. His id appears in the "Members" list on the project area
page.
3. He created the teams.
4. He assigned me the "TechPM" role (one of our new roles)
and added me to a couple of the team areas. My ID is not in the
"Members" list on the project area page.
5. He changed the Project Configuration Permissions to allow only the
TechPM role to "Save Project Area".
6. I updated the description on the Project Area page and tried to
save it.
7. I get a "Permission Denied" error.

We have played around and see that if he puts me in the
"Members" section on the Project Area page with the TechPM
role, then I can save the Project Area.

I don't understand why that is necessary. The text on the Project
Configuration Permissions page says that "A user can perform all
actions granted to any of their assigned roles." To me, this
implies that if I am assigned a role in any team, then I have the
ability to do the actions that role can do.

What am I missing?

0 votes

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details

Question asked: Oct 01 '08, 1:55 p.m.

Question was seen: 3,391 times

Last updated: Oct 01 '08, 1:55 p.m.

Confirmation Cancel Confirm