Roles in Field permissions expect project to go along with them

Issue #144 closed
Jóhann B. Guðmundsson
created an issue

Roles are global concept and supersede projects, groups and users.

They are applicable to all projects hence you should not have to select projects to go along with it.

If you want per project fine grained control then you introduce Time to SLA field permission role which can be configured globally via system --> project roles or left empty and configured per project. ( see for example tempo project manager as well as Tempo Permissions since you are expanding the permission handling in TTS as in who can see the Time To SLA dropdown menu so you need to replace field permissions with TTS permissions and have all permission configuration handled there )

Obviously this implementation does not scale to thousand of projects where administrator would have to create equal amount of field permissions to grant access and currently you cant even add more the one group or role to field permissions.

The field permissions should just contain. Logged in, Anonymous, User ( multiselect field as in you can select user a, user b, user c etc ), Group ( multiselect field as in you can select group a, group b, group c etc ), Role ( multiselect field as in you can select project role a, project role b, project role c etc ),

Comments (13)

  1. Tuncay Senturk repo owner

    Hi Johann,

    I just want to add a simple comment on why I added project with roles. JIRA API forces to give a project with role to see whether the user is granted or not. That's why they name it "Project Role" rather than "Role"

    Anyway, I do not think this issue is urgent and indispensable at the moment, so I am changing it to be trivial, and deal with it within the future versions

  2. Markus Hein

    Hi Tuncay,

    I would like to grant the right to see the values of the "sla fields" to the members of role "First level support" AND role "Support coordinator" and no other roles... This means: An user is assigned to role "First Level Support" in project A and project B and to role "Support coordinator" in project C. In project D this user is assigned to a role "Reader" (this role can only "browse projects" and "Add Comments"). This User should see the values of the sla fields only for issues of the projects A, B and C - bot not for issues of project D !

    Thanks and greetings, Markus

  3. Tuncay Senturk repo owner

    Hi

    Thanks for the comments.
    Markus, I think you want to be able to add multiple roles, and if the user has the role for the project he/she will see the field.

    We will be adding the role (only) feature but I can not give an exact time for that.
    Regards
    Tuncay

  4. Tuncay Senturk repo owner

    Hi folks,

    Just a question. Think of a scenario as below:
    - I have a role named Support for project1 but I do not have this role for project2
    - I want to give access for users with role "Support" to TTS Top Menu?

    What should be the result? Same for SLA Report access

    Thanks in advance for your comments.

  5. George Belousov

    Hi, Tuncay.

    I have a role named Support for project1 but I do not have this role for project2 I want to give access for users with role "Support" to TTS Top Menu? What should be the result? Same for SLA Report access

    Roles - global settings, if role exist in a system - it will be available in all projects. Roles may be empty - no users in it.

    I think that if you give access for users with role Support globally - without reference to any project = all users with role Support must have an access. If access given to Role with reference to Project - eg Support Role and Project1 = only users with role Support from Project1 must have an access.

    If you make a multiply select for access - all cases will be covered. Role globally, roles + project, etc.

  6. Jóhann B. Guðmundsson reporter

    It's expectation is exactly like I describe in comment one.

    The first scenario cant be since roles are system wide concepts hence exists on all projects always so you either fill them ( set global defaults ) in with predefined user(s) og group value(s) which then applies to all projects or you leave them empty and add user(s) and group(s) value per project.

    The implementation of this needs to support multiple users,multiple groups, multiple roles.

  7. Tuncay Senturk repo owner
    • changed status to open

    Thanks for the comments,

    In this release we will have some modifications in this screen.
    - Multiple selection for roles will be added
    - Project selection will be discarded for roles. For those accesses which are not related with project (Top Menu, SLA Report, etc) global role will be used. And for others (SLA fields), global roles and the project roles will both be used. (If user has global role or user has project role)

    We will have more modifications (such as multiple user, group selection within later versions)

    Regards
    Tuncay

  8. Log in to comment