Limit write access to work item only for "owned by"


Chidambaram L (23414283) | asked Nov 05 '12, 3:04 a.m.
I am using RTC 3.0.1.1.

I can restrict write access of a work item for a particular project role.

How can I restrict write access (to all attributes) based on the Owned-By attribute? No one other than owned-by should be able to edit the work item.

- Chidambaram
ALM Consultant

Comments
Chidambaram L commented Nov 05 '12, 8:17 a.m. | edited Nov 05 '12, 3:44 p.m.

This feature was available in Rational Change. Rational Change 5.0 provides rule-based access restrictions, where rules define read/write access to work items. Rules can be defined based on a combination of attribute values. Read/write access is given to individuals or LDAP groups. This is used to restrict visibility of work items of one team / vendor to another. This can also be used to prevent editing of work items by anyone except the owner.

RTC's feature of restricting read access of work items tagged to a particular Work Item Category provides a similar solution. In addition to that, the Access Group introduced in RTC 4.0 is also helpful.


Ralph Schoon commented Nov 05 '12, 8:29 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

You asked specifically for RTC and you asked specifically for based on the owner attribute. You did not ask for no visibility.

I don't think the LDAP approach is a solution. Access groups also restrict access completely. So, currently I am not convinced that your original question can be answered.

3 answers



Lauren Hayward Schaefer (3.3k11727) | answered Nov 05 '12, 7:27 a.m.
JAZZ DEVELOPER
Hi Chidambaram,
You should be able to write a custom precondition and use the "Read-only Attributes for Condition" precondition to get the desired effect.  See https://jazz.net/library/article/997/#dyncondition for more information.

Comments
Ralph Schoon commented Nov 05 '12, 8:26 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

Lauren, there is one issue I was not able to solve yet. I can't get the UUID or name of the current user. If I could get that, it would be possible to create the condition in a way that it checks the type and returns true only for the attributes and the type.

Do you have a clue how to get the user?


Lauren Hayward Schaefer commented Nov 05 '12, 8:31 a.m.
JAZZ DEVELOPER

Hi Ralph,
I don't know how to get the UUID or user name.  You might be right that you need to create an Advisor.


Ralph Schoon commented Nov 05 '12, 8:55 a.m. | edited Nov 05 '12, 8:56 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

Lauren, I will try to get more information on this, since it is really not an uncommon question.


Lauren Hayward Schaefer commented Nov 14 '12, 6:57 a.m.
JAZZ DEVELOPER

Hi Ralph,
I just realized the Implied Attributes precondition somehow gets the current user.  Maybe if you looked in that code, you could see how it gets the current user.


Ralph Schoon (63.2k33646) | answered Nov 05 '12, 7:45 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
The only option that might work that I see right now is a Java-based Advisor.

Script based would not work even in 4.0 since you can't access the user ID of the current user. At least I am not aware how to do that. Script based would also work across all work items. In an Advisor you could probably check individually for work item types etc.

Comments
Chidambaram L commented Nov 05 '12, 8:40 a.m. | edited Nov 05 '12, 3:46 p.m.

@rschoon, My original question on write restriction to the owned-by is still valid. But I was looking at other methods of restricting the visibility.


Ralph Schoon commented Nov 05 '12, 8:54 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

It might make sense to split the questions into two topics, because visibility is a completely different matter and can get quite complex. Visibility has also consequences as it is impossible to save for a category that you can not see. So it is necessary to have a process to move work items across teams.

Repository groups are another approach.

All of the above are, as far as I know, not role based. Am I missing something?
I haven't looked deep enough into repository groups yet, and I am wondering if there is an automation that can make work items restricted to certain repository groups based on certain conditions automatically, without creating a plug in.


Chidambaram L commented Nov 05 '12, 9:20 a.m. | edited Nov 05 '12, 3:46 p.m.

@rschoon, Agreed, they are not role based.
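
The owner check that a server-side Advisor would make on save, as discussed in the answer above, modelled in plain Python as an added example (not code from this thread or from RTC, and not the RTC SDK API). `WorkItemState`, `check_save`, `RESTRICTED_TYPES` and the allow-when-unassigned policy are assumptions made for illustration; the point shown is that the decision must use the stored state, not the submitted one.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumption: work item types the owner-only rule applies to.
RESTRICTED_TYPES = {"defect", "task"}

@dataclass(frozen=True)
class WorkItemState:
    """Constructed stand-in for one stored or submitted work item state."""
    item_type: str
    owner: Optional[str]  # user id in Owned By; None when unassigned
    summary: str

def check_save(user: str, old: Optional[WorkItemState],
               new: WorkItemState) -> Tuple[bool, str]:
    """Decide whether `user` may save `new` over `old` (None on creation)."""
    if old is None:
        return True, "creation: no owner exists yet"
    # Decide from the stored state only. The submitted state is supplied
    # by the caller and may already carry a different owner or type.
    if old.item_type not in RESTRICTED_TYPES:
        return True, "type not restricted"
    if old.owner is None:
        # Assumption: unassigned items stay editable so they can be triaged.
        return True, "unassigned"
    if old.owner == user:
        return True, "saved by owner"
    return False, f"only {old.owner} may modify this work item"

if __name__ == "__main__":
    stored = WorkItemState("defect", "alice", "Login fails")  # constructed
    attempts = {
        "owner edits": ("alice", WorkItemState("defect", "alice", "Login fails on SSO")),
        "non-owner edits": ("bob", WorkItemState("defect", "alice", "changed")),
        "non-owner takes ownership": ("bob", WorkItemState("defect", "bob", "changed")),
        "non-owner retypes": ("bob", WorkItemState("story", "alice", "changed")),
    }
    for label, (user, submitted) in attempts.items():
        print(label, "->", check_save(user, stored, submitted))
```
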


Geoffrey Clemm (30.1k33035) | answered Nov 05 '12, 3:49 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
edited Nov 05 '12, 3:52 p.m.
You probably are interested in the functionality requested by work item "Add special "owner" and "creator" roles, that specifies what the "owner" and "creator" respectively of an object can do to the object" (88779). If this is the kind of thing you had in mind, please feel free to add a comment to that work item indicating your interest/support.

Comments
Jason Lin commented May 19 '14, 1:07 p.m.

This function is very important to all users, but I can't understand why it isn't on the enhancement list even though this RFE was created in 2009.
