I was asked to grant permissions to several TFS users.
These users must have access to one branch only. How can I do this?
I'm going to create new TFS user group and deny access to root of Source Control, then allow access to necessary branch. What do you think?
That is the correct approach.
It doesn't work. Because Deny permission has higher priority than Allow even Deny even if it exist on parent. Deny permission always override Allow permissions. If you are using TFVC as source control, you could set the permission of root to "Not Set" and in then set "Allow" access to the branch you needed.
Remember that in GitVC it's a little diffrent.
Related
We have an issue. User is in the Contributors group of the VSTS project. Able to view dashboard and work items. Unable to view Repos. Need help. Any suggestions?
User needed an MSDN license to use Visual Studio in addition to being in the correct group of the VSTS project. Trial license was not good enough.
According to your description, highly doubt those users only have Stakeholder access level.
People with Stakeholder access level could not commit their work on branch and unable to view repos.
Assign Stakeholder access to those users who need to enter bugs,
view backlogs, boards, charts, and dashboards, but who don't buy basic access. Stakeholders can also view releases and manage release
approvals. Stakeholder access is free.
Source Link: About access levels
See Stakeholder access for details of features available to stakeholders.
The user should have either Basic access or Visual Studio subscription which include code feature.
Moreover, if it's still not able to see any other projects after giving them those access. There is another concept called Permissions in Azure DevOps. Double check the permission for Contributor group.
Also make sure you have not add them to any other project team group expect the contribute group.
Once deny the Read permission for repos level, user will not be able to see the repos.
Read
Can read the contents of a file or folder. If a user has Read
permissions for a folder, the user can see the contents of the folder
and the properties of the files in it, even if the user does not have
permission to open the files.
I've a requirement, where I need to add a few users from the UI. I'm working with "developer" access to the project in GitLab. Even if already a few users are added with different access while the project is created and only users added from the UI to perform developer role without making any changes in the project.
Is it possible and how to implement it?
"Overwriting" permissions is not possible and if you want to simulate this behavior you could create a new group and share this project with another group. Then you would need to deny access to individual group members. See this permission matrix.
for example, 2 extranet roles in sitecore Role1 and Role2
Role1 is block access to item, Role2 - allow access.
I need to have behavior that revers default sitecore behavior:
5.3 How Access Rights Affect Each Other In Sitecore, every user and role can be a member of several roles. When a security account has
been assigned several roles, the access rights that the different
roles possess are added together. The security account is therefore
assigned the accumulated access rights of all the roles that it is a
member of. However, if a security account is assigned two roles and
one of the roles is denied a specific access right to an item and the
other role is granted this access right to the same item, the access
right is denied for this security account. In other words, deny
always overrules grant when access rights are accumulated.
Is it possible to do via some sitecore settings or etc ?
Thanks.
What is the behaviour you want then? If someone has both Role 1 and Role 2 - Do you want that person to have see it?
In that case you'll be better off removing inheritance on Role 1 in stead of denying access. Denying access basically tells Sitecore to start over from a specific point. Role 2 can then get the access again.
Have a read through this: Best Practices from TheClientView. The very first example sounds like what you're trying to achieve:
There is a role A that denies a write access to a “/home/contact us”
item.
There is a role B that allows write access to the item. There is a user AB that
should have power of both roles A and B. But due to explicit deny permission on
the item, the user won’t be able to get write access on it. When you break the
security inheritance it sets permissions into default deny state, which could be
overridden, by setting up explicit allow access on a role. But explicit deny
access can never be overridden by explicit allow access.
I have a browser:page setup in Zope, and I have:
permission="zope2.Public"
My question is what should I change this to in order to allow only Plone administrators access, and/or logged in (non-administrators) access to this page?
On Zope, you control access to views via permissions, but to permit someone to access a given permission, you must grant such permissions to a role.
Anyone in the Plone administrators group has been granted the Manager role (on Plone 4.2 that'll change to the SiteAdmin role) generally have access to most permissions. There is also the automatic Authenticated role, which is given to anyone that has been authenticated (has logged in). The latter doesn't have many default permissions though.
Permissions are generally named after the action you want to permit. If your view's goal is to manage some aspect of your Plone portal, then the cmf.ManagePortal permission is probably what you want. You can check the full list of default permissions if you need another one.
There is some excellent documentation on how security works in Plone, which includes information on how to define new permissions too, and how to assign existing permissions to roles.
permission="cmf.ManagePortal"
This setting is about permissions not about roles.
I want to move a page between sites from a site collection.
I am getting result as :-
Operation Failed.
Access Denied. Not enough permission.
When I login as Site administrator, I can move page between sites.
The user with contribute permission cannot move pages between sites.
Please help me for this issue...
It looks like the permission level issue.
Instead using the default permission levels (Contributor in your case, which has no rights to manage web), you should probably create a custom permission level that has permissions fits your need.
Please go read
http://office.microsoft.com/en-us/sharepointtechnology/HA101001491033.aspx
Hope it helps
James is correct, you need more permissions.
If you don´t wan´t to add those permissions to the users you could create your own "move" function that uses elevated permissions to do the copying. Things to look out for though is that you would have to "restore" the current users credentials on the createdby and modifiedby columns after the move since those will be sharepoint\system when elevated.