Limit write access to work item only for "owned by"
3 answers
You should be able to write a custom precondition and use the "Read-only Attributes for Condition" precondition to get the desired effect. See https://jazz.net/library/article/997/#dyncondition for more information.
Comments
Lauren, there is one issue I was not able to solve yet. I can't get the UUID or name of the current user. If I could get that, it would be possible to create the condition in a way that it checks the type and returns true only for the attributes and the type.
Do you have a clue how to get the user?
Hi Ralph,
I don't know how to get the UUID or user name. You might be right that you need to create an Advisor.
Lauren, I will try to get more information on this, since it is really not an uncommon question.
Hi Ralph,
I just realized the Implied Attributes precondition somehow gets the current user. Maybe if you looked in that code, you could see how it gets the current user.
Script based would not work even in 4.0 since you can't access the user ID of the current user. At least I am not aware how to do that. Script based would also work across all work items. In an Advisor you could probably check individually for work item types etc.
Comments
@rschoon, My original question on write restriction to the owned-by is still valid. But I was looking at other methods of restricting the visibility.
It might make sense to split the questions into two topics, because visibility is a completely different matter and can get quite complex. Visibility also has consequences, as it is impossible to save for a category that you cannot see. So it is necessary to have a process to move work items across teams.
Repository groups are another approach.
All of the above are, as far as I know, not role based. Am I missing something?
I haven't looked deep enough into repository groups yet, and I am wondering if there is an automation that can make work items restricted to certain repository groups based on certain conditions automatically, without creating a plug in.
@rschoon, Agreed, they are not role based.
Comments
Chidambaram L
Nov 05 '12, 3:44 p.m.
This feature was available in Rational Change. Rational Change 5.0 provides rule-based access restrictions, where rules define read/write access to a work item. Rules can be defined based on a combination of attribute values. Read/write access is given to individuals or LDAP groups. This is used to restrict visibility of work items of one team/vendor to another. This can also be used to prevent editing of work items except by the owner.
RTC's feature of restricting read access of work items tagged to particular Work Item Category provides a similar solution. In addition to that Access Group introduced in RTC 4.0 is also helpful.
Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER Nov 05 '12, 8:29 a.m.
You asked specifically for RTC and you asked specifically for based on the owner attribute. You did not ask for no visibility.
I don't think the LDAP approach is a solution. Access groups also restrict access completely. So, currently I am not convinced that your original question can be answered.