Process Permissions API
Hi,
We are building a Jazz plugin that installs new service with operations/actions permissions.
After the Server installation, what is the appropriate way to change (programatically) the process configuration in order to set default permissions?
As it is today, no permission is set so user/admin has to setup permissions manually before using the product, which hampers the out-of-the-box experience.
Note: Since it is not a very sensitive information (configuration of project/team site urls), we think of allowing it by default, at least for some roles.
Thanks,
Dekel
We are building a Jazz plugin that installs new service with operations/actions permissions.
After the Server installation, what is the appropriate way to change (programatically) the process configuration in order to set default permissions?
As it is today, no permission is set so user/admin has to setup permissions manually before using the product, which hampers the out-of-the-box experience.
Note: Since it is not a very sensitive information (configuration of project/team site urls), we think of allowing it by default, at least for some roles.
Thanks,
Dekel
3 answers
Hi, Dekel.
At this time, there is no support for automatically adding permissions
when new plugins are installed. Administrators are responsible for
determining what the permissions should be for the new functionality on
a case-by-case basis.
If you think about this in a general sense, I'm not sure that we would
want to change this Projects are generally configured with carefully
crafted permissions, which deliberately grant only the required
operations to each role. I don't think it would be right for our tools
to automatically go in and start granting permissions for other
operations. If you disagree, please file a workitem with your thoughts
and we can reconsider.
Jared Burns
Jazz Process Team
dekelc wrote:
At this time, there is no support for automatically adding permissions
when new plugins are installed. Administrators are responsible for
determining what the permissions should be for the new functionality on
a case-by-case basis.
If you think about this in a general sense, I'm not sure that we would
want to change this Projects are generally configured with carefully
crafted permissions, which deliberately grant only the required
operations to each role. I don't think it would be right for our tools
to automatically go in and start granting permissions for other
operations. If you disagree, please file a workitem with your thoughts
and we can reconsider.
Jared Burns
Jazz Process Team
dekelc wrote:
Hi,
We are building a Jazz plugin that installs new service with
operations/actions permissions.
After the Server installation, what is the appropriate way to change
(programatically) the process configuration in order to set default
permissions?
As it is today, no permission is set so user/admin has to setup
permissions manually before using the product, which hampers the
out-of-the-box experience.
Note: Since it is not a very sensitive information (configuration of
project/team site urls), we think of allowing it by default, at least
for some roles.
Thanks,
Dekel
The problem for us, is that the installation and first-time-out-of-the-box experience is hampered, and requires too many steps.
The general scenario is that a user fails to execute an operation she has no permissions for.
It would be great if the team advisor "Solutions" link will open the process configuration permissions, selecting the relevant permission in the user role.
Even when the user is not entitled to edit permissions, it can clarify easily what role the user needs to be associated with (browsing the near by roles).
What do you think?
Dekel
The general scenario is that a user fails to execute an operation she has no permissions for.
It would be great if the team advisor "Solutions" link will open the process configuration permissions, selecting the relevant permission in the user role.
Even when the user is not entitled to edit permissions, it can clarify easily what role the user needs to be associated with (browsing the near by roles).
What do you think?
Dekel
We certainly envision the kind of introspection tooling that you're
talking about here for future releases.
Also, for your reference, here's the Jazz workitem that talks about the
notion of "process fragments" which I think addresses your scenario:
29537: Support for process specification fragments (29537)
https://jazz.net/jazz/resource/itemName/com.ibm.team.workitem.WorkItem/29537
This item is on our plan for Foundation 1.0:
https://jazz.net/jazz/resource/itemOid/com.ibm.team.apt.IterationPlanRecord/_ef2K4I9eEd2hi7jsNHJGqw
Jared Burns
Jazz Process Team
dekelc wrote:
talking about here for future releases.
Also, for your reference, here's the Jazz workitem that talks about the
notion of "process fragments" which I think addresses your scenario:
29537: Support for process specification fragments (29537)
https://jazz.net/jazz/resource/itemName/com.ibm.team.workitem.WorkItem/29537
This item is on our plan for Foundation 1.0:
https://jazz.net/jazz/resource/itemOid/com.ibm.team.apt.IterationPlanRecord/_ef2K4I9eEd2hi7jsNHJGqw
Jared Burns
Jazz Process Team
dekelc wrote:
The problem for us, is that the installation and
first-time-out-of-the-box experience is hampered, and requires too
many steps.
The general scenario is that a user fails to execute an operation she
has no permissions for.
It would be great if the team advisor "Solutions" link will
open the process configuration permissions, selecting the relevant
permission in the user role.
Even when the user is not entitled to edit permissions, it can clarify
easily what role the user needs to be associated with (browsing the
near by roles).
What do you think?
Dekel