It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Follow this question
Question details

×42,792

question asked: Oct 01 '08, 1:55 p.m.
question was seen: 3,028 times
last updated: Oct 01 '08, 1:55 p.m.

Related questions

FAQ - How this Forum works

Question regarding roles and permissions

0
Karen Witt (1654) | asked Oct 01 '08, 1:55 p.m.
We began our project area using the Eclipse Way Process and have done some customization, including the addition of new roles. Now, we'd like to assign permissions to those roles and take away permissions from the "Everyone" role. When we do this, we don't get the desired results.

Here is the scenario:

1. My teammate created the project area.
2. His id appears in the "Members" list on the project area page.
3. He created the teams.
4. He assigned me the "TechPM" role (one of our new roles) and added me to a couple of the team areas. My ID is not in the "Members" list on the project area page.
5. He changed the Project Configuration Permissions to allow only the TechPM role to "Save Project Area".
6. I updated the description on the Project Area page and tried to save it.
7. I get a "Permission Denied" error.

We have played around and see that if he puts me in the "Members" section on the Project Area page with the TechPM role, then I can save the Project Area.

I don't understand why that is necessary. The text on the Project Configuration Permissions page says that "A user can perform all actions granted to any of their assigned roles." To me, this implies that if I am assigned a role in any team, then I have the ability to do the actions that role can do.

What am I missing?

One answer

Most liked answers ↑|Newest answers|Oldest answers

0
permanent link
Jared Burns (4.5k29) | answered Oct 01 '08, 2:12 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Hi, Karen.

Role assignments in Jazz are inherited down the team area hierarchy, but
not up it.

So if you are assigned a role like "project manager" in the project
area, you will be considered a project manager in all team areas. But if
some leaf team area declares that you are a "project manager", you don't
suddenly gain escalated privileges through the entire project: you would
only be considered a project manager for that team and any sub-teams.

If you're interested, you can read all about the gory details of
permission lookup on these wiki pages:
https://jazz.net/wiki/bin/view/Main/ProcessPermissionsLookup
https://jazz.net/wiki/bin/view/Main/ProcessBehaviorLookup

Jared Burns
Jazz Process Team


wittlander wrote:
We began our project area using the Eclipse Way Process and have done
some customization, including the addition of new roles. Now, we'd
like to assign permissions to those roles and take away permissions
from the "Everyone" role. When we do this, we don't get
the desired results.

Here is the scenario:

1. My teammate created the project area.
2. His id appears in the "Members" list on the project area
page.
3. He created the teams.
4. He assigned me the "TechPM" role (one of our new roles)
and added me to a couple of the team areas. My ID is not in the
"Members" list on the project area page.
5. He changed the Project Configuration Permissions to allow only the
TechPM role to "Save Project Area".
6. I updated the description on the Project Area page and tried to
save it.
7. I get a "Permission Denied" error.

We have played around and see that if he puts me in the
"Members" section on the Project Area page with the TechPM
role, then I can save the Project Area.

I don't understand why that is necessary. The text on the Project
Configuration Permissions page says that "A user can perform all
actions granted to any of their assigned roles." To me, this
implies that if I am assigned a role in any team, then I have the
ability to do the actions that role can do.

What am I missing?

Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.