I am needing to assign permissions to a project when it is created. I already created an event that runs when a project is created, but I'm not finding what methods of the PSI to use to assign permissions to groups and users within the project.
To clarify, what I want to do is the same as is done in the "Project Permissions" section but programmatically.
If you can add a bit of code, I'll thank you.
Sorry for my English :P.
Thanks
Diego
People and groups with their permissions come to Project through Security categories. In 2010 there are 2 kinds of the categories: Global categories defined in Server Settings -> Manage Categories and Project Category available through Project Permissions in Project Center. So this is about PWA.
For PSI all the things are available in WebSvcSecurity: http://msdn.microsoft.com/en-us/library/gg221489(v=office.14).aspx
Key methods are:
CreateCategories / CreateProjectCategories - to create any of this categories
ReadProjectCategory / ReadCategory - to query the categories
SetCategories / UpdateProjectCategories - to update the categories: add/remove users, grant/revoke permissions.
Related
We are using Azure Devops with our team, we want to have a space were other colleagues out of our team can add ideas about future project.
We created a specific Backlog "Wishlist" and give to some users a StakeHolder account. We added them to the members of this backlog.
We want them to be able to create ticket, but not to edit them (no delete, no chamgement of state ...)
Our team that have admin rights will be able to operate those work items (accepted, rejected, Active and Close)
I look for a solution to restrict those user from editing but was not able to found a successful way to do it.
-In Rules, We couldn't specify those specific rule about work Item edition
-In Project Settings / Permissions / Wishlist
we don't have any permision linked to the Work Items
-In Project Settings / Project Configuration / Areas / Wishlist / Security
We can set for specific users "Edit Work Items in this node" to Deny, but they will not be able to create Work items
If someone have an idea about how to deal with this request, it will be highly appreciated.
Thank you
Sorry, it's not able to do this right now.
A user needs to have the Edit work items in this node permission for some Area and Iteration path to create a work item.
There is no sperate permission for either creating or editing work item. This is by designed.
We're running Jira 7.7.0 and Confluence 6.0.4
Our team is split into 2nd level support and 3rd level (us).
PROBLEM:
We would like to let 2nd level to do as much admin support as possible with as few permissions as needed.
1. The software offers for Core two admin groups, but both offer too many admin rights (Jira Administrators / Jira System Administrators)
2. Confluence has 2 groups Admins and users
DETAIL:
None of the global permissions of either permit, that we allow a group to
- Add Spaces
- Add projects
- Add users
- Add groups
but keep them otherwise out of all the rest
DESIRED
A way to have a super user be able to not just manage >existing<, but also add the entities mentioned above.
OPTIONS?
A) A plugin that enhances users to be "a bit" Administrator, BUT with ADDING feature (this does not seem to exists)
B) A plugin that hides the menu items, but would technically still enable the users to execute the tasks if a URL was known
QUESTION
- Does anyone have a hint on what plugin could manage this? Either permission or menu hiding?
- Is there a way to trick configuration to achieve this (I assume not)
Many thanks!
Carsten
There is an addon called Delegated Project Creator for Jira that address your request. To get it, search for it in the marketplace under "administration".
On the other hand you can tweak the UI of both apps to control access to options using Jquery. The addon Script Runner for JIRA has some options for this.
I am trying to implement a single Team Project with multiple sub-projects as recommended by this guy and this guy. I can control visibility of work items and source control folders but I cannot control visibility of iterations, teams, groups, and members. Say I have Team Project as the parent project of several sub-projects. Project1_Group has permissions only for accessing Project1_Area and Project1_Foler etc.
I place User1 in Project1_Team and Project1_Group and as expected that user can only see work items within that area. But User1 can go to their Administration page and see all iterations, teams and groups defined for the top level Team Project. User1 can even see groups that exist outside the Team Project by viewing the membership of each user within the current Team Project.
This is a lot of information. As far as I can tell, the minimum PROJECT-LEVEL permission I can give to a user is "View project-level information" (or GENERIC_READ at command line). Without this a user gets a 500 error. With it they get access to all information above. Is there some lesser Project-level permission that will allow full access to the relevant Area but deny read access to high level Team Project information?
No I don't think its possible. Iterations, teams and groups will be visible if you have access to the team project. If you want to permission everything in your project group I think creating separate Team Project is the only solution.
I have two security roles ProjectLead and Developer ; also I have one custom entity named Project. Is it possible that ProjectLead and Project have 1:N relation(one ProjectLead can work in more than one Project)
and Developer and Project have 1:1 relation(one developer can work in one project)?
Thanks.
I don't understand your problem. You want make relationship between a role and a entity, this ins't possible and don't make any sense. You want restrict the access to projects? This can be done with roles, in Developer role for project entity you can put the read action in user option (just one level) like that the developer only viewed that project or if you have a team with many developers you that team can own that project.
For ProjectLead you can put access at Business unit level.
I'm new to TFS and we're loving it! I'm having a difficult time figuring out how best to organize TFS from version control and agile/scrum/sharepoint sites, keeping isolation of teams yet sharing of code and projects.
For this scenario let's say I have three teams. Team 1, 2, 3. I want each team to have access to only projects they work on, and each team to have isolation for alerts and notifications, sharepoint, agile, etc. So let's say there are 5 total projects.
Team 1:
--Project 1
--Project 2
Team 2:
--Project 1
--Project 4
--Project 5
Team: 3:
--Project 1
--Project 2
--Project 3
--Project 4
We have one collection setup, DefaultCollection. Right now I only have one team but this doesn't give us good isolation and separation of the features. How can I best configure TFS to keep separation of teams but not have separate code projects? Some projects are shared and this is the point of contention - I don't know how to handle this part.
Acme Widget has X projects and then we have a "Company Shared" with X projects. We may be working on different products such as Acme Widget 1, 2, 3 but all share and work on the Company Shared projects, i.e. Company.Utilities, Company.Windows, Company.Security.
Can someone please shed some light on how to properly configure TFS while we're early into the stages of use. We want to go beyond just version control as mentioned above. We want to use the Task, Bug, Alerts, Build, etc.
P.S. If anyone is a TFS sub-contractor that helps organizations configure their TFS setup I would entertain a professional consultation and configuration.
Since TFS and SharePoint aren't actually holding the user accounts (they are inside Active Directory). It would probably be easiest to create an Active Directory group for each team and place your users in that group. You can then still keep one project collection (no need to over-architect) and then everytime you create a new project within that collection you assign the permissions to that project (TFS, Sql Reports, and SharePoint) using the Active Directory groups. You should download the free TFS Administration tool to manage permissions and when a user joins/leaves a team then you can manage that directly in Active Directory without changing TFS, Sql Reporting or SharePoint. This seems to be a very common approach starting when this issue arose from early SharePoint days when admins were trying to independently manage SharePoint groups and Active Directory groups.
I would suggest that you look at this:
http://blogs.ripple-rock.com/colinbird/2012/11/19/MultipleTeamsWithMicrosoftTeamFoundationServer2012VisualStudioScrumV2xUpdated1452013.aspx
This shows you how you can have multiple teams, which each of theirs board, tasks etc.
We use this in our company because its the same project, but 2 different teams. Then it works perfectly because we have the hierarchy of teams:
-- Project (level 0)
---- Team A (level 1)
---- Team b (level 1)
In that way we can assign stories or tasks to either the one of those, and if they are assigned to the project level (level 0), then it will appear on all teams.