I am trying to implement a single Team Project with multiple sub-projects as recommended by this guy and this guy. I can control visibility of work items and source control folders but I cannot control visibility of iterations, teams, groups, and members. Say I have Team Project as the parent project of several sub-projects. Project1_Group has permissions only for accessing Project1_Area and Project1_Foler etc.
I place User1 in Project1_Team and Project1_Group and as expected that user can only see work items within that area. But User1 can go to their Administration page and see all iterations, teams and groups defined for the top level Team Project. User1 can even see groups that exist outside the Team Project by viewing the membership of each user within the current Team Project.
This is a lot of information. As far as I can tell, the minimum PROJECT-LEVEL permission I can give to a user is "View project-level information" (or GENERIC_READ at command line). Without this a user gets a 500 error. With it they get access to all information above. Is there some lesser Project-level permission that will allow full access to the relevant Area but deny read access to high level Team Project information?
No I don't think its possible. Iterations, teams and groups will be visible if you have access to the team project. If you want to permission everything in your project group I think creating separate Team Project is the only solution.
Related
We're running Jira 7.7.0 and Confluence 6.0.4
Our team is split into 2nd level support and 3rd level (us).
PROBLEM:
We would like to let 2nd level to do as much admin support as possible with as few permissions as needed.
1. The software offers for Core two admin groups, but both offer too many admin rights (Jira Administrators / Jira System Administrators)
2. Confluence has 2 groups Admins and users
DETAIL:
None of the global permissions of either permit, that we allow a group to
- Add Spaces
- Add projects
- Add users
- Add groups
but keep them otherwise out of all the rest
DESIRED
A way to have a super user be able to not just manage >existing<, but also add the entities mentioned above.
OPTIONS?
A) A plugin that enhances users to be "a bit" Administrator, BUT with ADDING feature (this does not seem to exists)
B) A plugin that hides the menu items, but would technically still enable the users to execute the tasks if a URL was known
QUESTION
- Does anyone have a hint on what plugin could manage this? Either permission or menu hiding?
- Is there a way to trick configuration to achieve this (I assume not)
Many thanks!
Carsten
There is an addon called Delegated Project Creator for Jira that address your request. To get it, search for it in the marketplace under "administration".
On the other hand you can tweak the UI of both apps to control access to options using Jquery. The addon Script Runner for JIRA has some options for this.
How can we restrict access to edit/move backlog boards in VSO from one section/column(New/Committed/Developed/Done) to another section/column(New/Committed/Developed/Done).
we are facing issues as there is no control on board movement for our project.
Thanks in advance.
To move backlogs from one section to another section on the Backlog Board, one needs to have the Edit work items in this node permission for the Area and Iteration path. You can deny the permission to disable the ability for that specific engineer.
Go to the team project admin page (https://vsoaccount.visualstudio.com/DefaultCollection/teamprojectname/_admin/_areas), right click the Area and select Security. Select the engineer you would like to set the permission to set disable that permission. See:
Per my above screenshot, user Victory Song can't move work items which is under Agile area. (and she can't edit work items under Agile area either.)
We have a project administrator for a collection of projects on TFS Online. We recently hired so he had to add the guy as a new member into the team.
However he cannot see one specific project we have, even with identical permissions as the other users. His account was created in the same way as the others.
Trying to help the guy out here I offered to try a few things and noticed, If I create a new project as a test. "Test1", and add him as a member, he can see this account fine when he logs in to TFS Online/Connects on Visual Studio.
Which leads me to believe that it's based on some visibility setting within TFS, even though the other members linked to the project can see it fine.
Any possible ideas for me to try?
You need to try and trace his effective permissions. It sounds like there is a denied somewhere.
If you open the admin for that team project and goto the security tab there is a box to add the users account. You should then see the effective permission on the right and he should have and Alowed in the "View project level information" permission.
If he does bot you can roll your mouse over it and click the "why" button and you will see where the overide is coming from.
I am needing to assign permissions to a project when it is created. I already created an event that runs when a project is created, but I'm not finding what methods of the PSI to use to assign permissions to groups and users within the project.
To clarify, what I want to do is the same as is done in the "Project Permissions" section but programmatically.
If you can add a bit of code, I'll thank you.
Sorry for my English :P.
Thanks
Diego
People and groups with their permissions come to Project through Security categories. In 2010 there are 2 kinds of the categories: Global categories defined in Server Settings -> Manage Categories and Project Category available through Project Permissions in Project Center. So this is about PWA.
For PSI all the things are available in WebSvcSecurity: http://msdn.microsoft.com/en-us/library/gg221489(v=office.14).aspx
Key methods are:
CreateCategories / CreateProjectCategories - to create any of this categories
ReadProjectCategory / ReadCategory - to query the categories
SetCategories / UpdateProjectCategories - to update the categories: add/remove users, grant/revoke permissions.
I have only recently started using Liferay 6.0. I have downloaded liferay-portal-tomcat-6.0.4_1 community edition.
First of all can you please recommend me some website and books or articles for Liferay 6.0? (The ones available on the Internet are for earlier versions...)
Secondly. I don' t seem to get the structure of Liferay. For example, how do organisation, communities, users, pages all fit in together?
Lastly, could you tell me how I could make a link on a page to point to a directory on the file system at the local machine of the user?
Thanks.
To work through Liferay internals is really tough but it's not impossible. There's no main source of documentation and people has to google around and forget things very easily without possibility to get back to the original source...
Organizations can form hierarchies as real organizations would.
Communities has similar role as organizations but from a different point of view.
The main difference consists in :
persistence - persists in time in
contrast to communities which appears
and disappears
administration - users “belong”
to an organization which means that
the the admin of an organization is
able to edit his profile. On the other
hand users “join” a community which
means that the community admin can
only manage the membership.
Relationship - organizations can
form a hierarchy while communities are
independent of each other
membership - users “must” belong
to an organization while joining a
community is optional
User groups - Unlike organizations and locations, user groups have no context associated with them. They are purely a convenience grouping that aids administrators in assigning permissions and roles to a group of users instead of individual users or assigning a group of users to a community.
Roles define permissions across the portal, an organization or across a community. There are functions like creation of a thread in a discussion forum. Problem is that there are forums across scopes like community, organization or the entire portal. So that portal role grants access to creation of a new thread in each and every discussion forum and community role just within a particular community.
I'm also a Liferay newbie but here's the general structure of Liferay in case someone is interested.
Organizations are a portal administrator mandated hierarchy. Organizations may have sub organizations that are administered by organization administrators in each organization. Each organization can have it's own pages.
Communities are like organizations but can't have sub communities and non-administrator users may be allowed to create them. Each community can have it's own pages.
Users are registered users who may have their own pages and may belong to any number of organizations and/or communities.
Pages are web pages that users with certain permissions can edit simply by selecting a predefined layout and adding/removing portlets and sub-pages.
Portlet is a web application that usually "runs" as part of a page in it's own window like container.
can you please recommend me some website and books or articles for Liferay 6.0?
Our liferay tag is a good place to start with. It contains all the relevant information about some useful websites and also some good books suggestion. And it is continually being updated.
I don' t seem to get the structure of Liferay. For example, how do organisation, communities, users, pages all fit in together?
Unlike for previous versions, the user-guide is really a good place to know some basic administration concepts like these.
could you tell me how I could make a link on a page to point to a directory on the file system at the local machine of the user?
I don't know exactly what you want or what is the requirement to do this, but giving <input type="file" /> would open the file browser to select a file or else you can use flash to achieve this or construct a link like Click to pen local folder - but this only works for windows and it opens the folder structure inside the browser itself and with IE it opens the Windows explorer.
Now, you can access Liferay documentation to learn more about liferay. Starting from v6.1 there are no communities. Now it has organizations and sites.
As far as I know, currently there is only one book for Liferay 6, from Jonas Yuan:
http://www.liferay.com/web/jonas.yuan/blog/-/blogs/liferay-book:-liferay-portal-6-enterprise-intranets