It's all about the answers!

Ask a question

Permission Controls not working for Defects

Nick Ranns (2347) | asked Oct 31 '12, 3:14 p.m.

I have a Defect that I would like to disallow workflow movement based on your role.  Example: Tester and Developer.  I have unchecked the boxes for the workflow actions I am disallowing for that role, however, a person assigned the role is still able to change the workflow state.  Has this been reported before??  



One answer

permanent link
Jared Burns (4.5k29) | answered Oct 31 '12, 5:20 p.m.
Permissions are computed as a union of all applicable roles. So if someone is assigned the Developer or Tester roles, which don't have permission, they might still be getting permissions from some other role. You should double-check whether your users have some other role which *is* granted this permission.

Don't forget to check the "Everyone" role, which always applies to everyone in the repository. If you say "Everyone" can do something, then it will really mean everyone can do it.

Nick Ranns commented Nov 01 '12, 8:44 a.m.

I should have mentioned that I have the everyone role not working properly either.  All check boxes for the Everyone role are unchecked, yet a person assigned to the project without a role assigned is still able to perform actions that should not be allowed (i.e. create a work item).

Permissions are working fine for the rm and rqm applications, however, not restricting at all in the ccm application.

I also should mention I have version 4.0.


Ralph Schoon commented Nov 01 '12, 10:25 a.m.

Please read this carefully and check your configuration accordingly:

As Jared points out, everyone has that everyone role. If you configured the Everyone role wrong you see exactly what you see now. You have to check on project and on team level. Your issue is probably on project or root team level in the Everyone role and there fore impacts you everywhere.

Nick Ranns commented Nov 26 '12, 3:59 p.m.

Ralph and Jared,

I appreciate the response, however, it seems my set-up is correct.  For the Everyone role, I have only allowed them to create personal dashboards.  With this being the case, I would not expect someone with the default role to be able to create a work item.  Could this be because the license assigned is Quality Professional? Does that automatically grant the permission of creating a work item??  

Nick Ranns commented Nov 26 '12, 4:21 p.m.

After reviewing a few other forums, I found that permissions can be set in not one, not two, NOT THREE but FOUR different places!!  Project, Team, Iteration Types, and Timelines.  The following forum discussion tipped me off to this:

While the above permissions were correct, there was an Everyone role with the permission to save work items defined in the current Iteration, which I guess overrides the Project and Team permissions.

If anyone else is having the similar problem with permission not behaving properly, make sure you check all FOUR places.



Ralph Schoon commented Nov 27 '12, 1:37 a.m. | edited Nov 27 '12, 1:38 a.m.

As already mentioned in my answer above, check and because it is similar for behavior. Behavior is even a bit more tricky, because the first behavior that is found is used.

Your answer

Register or to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.