Jazz Security and Project Areas
Once you have authorized a user to a jazz repository (read and write access), does that user now have full access to all of the project areas in the repository?
I've setup my Jazz server running under WebSphere and LDAP. I authorized a new user to the repository. I was very surprised to see that that new user could access any of the project areas, and even make themselves a team leader of any project area. Is this a limitation of the beta? (I'm using beta1 update 1) or have I set something up wrong?
I've setup my Jazz server running under WebSphere and LDAP. I authorized a new user to the repository. I was very surprised to see that that new user could access any of the project areas, and even make themselves a team leader of any project area. Is this a limitation of the beta? (I'm using beta1 update 1) or have I set something up wrong?
One answer
The fact that they can see the project area is a current limitation.
The fact that they can make themselves a team leader is configurable in
process permissions. The process specification in the project area
contains a section which looks like so:
<static>
<role id="default">
<static-operation id="com.ibm.team.process.server.saveProjectArea">
<permissions>
<action id="any"/>
</permissions>
</static-operation>
</role>
</static>
This particular configuration says that anyone can make any change to
the project area. If you want to change this so that only team leads can
modify the project area, for example, you would simply change the
"default" to "teamlead".
- Jared
karasiuk wrote:
The fact that they can make themselves a team leader is configurable in
process permissions. The process specification in the project area
contains a section which looks like so:
<static>
<role id="default">
<static-operation id="com.ibm.team.process.server.saveProjectArea">
<permissions>
<action id="any"/>
</permissions>
</static-operation>
</role>
</static>
This particular configuration says that anyone can make any change to
the project area. If you want to change this so that only team leads can
modify the project area, for example, you would simply change the
"default" to "teamlead".
- Jared
karasiuk wrote:
Once you have authorized a user to a jazz repository (read and write
access), does that user now have full access to all of the project
areas in the repository?
I've setup my Jazz server running under WebSphere and LDAP. I
authorized a new user to the repository. I was very surprised to see
that that new user could access any of the project areas, and even
make themselves a team leader of any project area. Is this a
limitation of the beta? (I'm using beta1 update 1) or have I set
something up wrong?