It's all about the answers!

Ask a question

Permission Controls not working for Defects


Nick Ranns (2347) | asked Oct 31 '12, 3:14 p.m.
 Hello,

I have a Defect that I would like to disallow workflow movement based on your role.  Example: Tester and Developer.  I have unchecked the boxes for the workflow actions I am disallowing for that role, however, a person assigned the role is still able to change the workflow state.  Has this been reported before??  

Thanks,

Nick

One answer



permanent link
Jared Burns (4.5k29) | answered Oct 31 '12, 5:20 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Permissions are computed as a union of all applicable roles. So if someone is assigned the Developer or Tester roles, which don't have permission, they might still be getting permissions from some other role. You should double-check whether your users have some other role which *is* granted this permission.

Don't forget to check the "Everyone" role, which always applies to everyone in the repository. If you say "Everyone" can do something, then it will really mean everyone can do it.

Comments
Nick Ranns commented Nov 01 '12, 8:44 a.m.

I should have mentioned that I have the everyone role not working properly either.  All check boxes for the Everyone role are unchecked, yet a person assigned to the project without a role assigned is still able to perform actions that should not be allowed (i.e. create a work item).


Permissions are working fine for the rm and rqm applications, however, not restricting at all in the ccm application.

I also should mention I have version 4.0.

Thanks, 


Ralph Schoon commented Nov 01 '12, 10:25 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

Please read this carefully and check your configuration accordingly: https://jazz.net/library/article/291

As Jared points out, everyone has that everyone role. If you configured the Everyone role wrong you see exactly what you see now. You have to check on project and on team level. Your issue is probably on project or root team level in the Everyone role and there fore impacts you everywhere.


Nick Ranns commented Nov 26 '12, 3:59 p.m.

Ralph and Jared,

I appreciate the response, however, it seems my set-up is correct.  For the Everyone role, I have only allowed them to create personal dashboards.  With this being the case, I would not expect someone with the default role to be able to create a work item.  Could this be because the license assigned is Quality Professional? Does that automatically grant the permission of creating a work item??  


Nick Ranns commented Nov 26 '12, 4:21 p.m.

After reviewing a few other forums, I found that permissions can be set in not one, not two, NOT THREE but FOUR different places!!  Project, Team, Iteration Types, and Timelines.  The following forum discussion tipped me off to this: https://jazz.net/forum/questions/82317/why-dont-permissions-show-up-checked-in-the-web-ui


While the above permissions were correct, there was an Everyone role with the permission to save work items defined in the current Iteration, which I guess overrides the Project and Team permissions.

If anyone else is having the similar problem with permission not behaving properly, make sure you check all FOUR places.

Thanks,

Nick


Ralph Schoon commented Nov 27 '12, 1:37 a.m. | edited Nov 27 '12, 1:38 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

As already mentioned in my answer above, check https://jazz.net/library/article/291 and https://jazz.net/library/article/292 because it is similar for behavior. Behavior is even a bit more tricky, because the first behavior that is found is used.

Your answer


Register or to post your answer.