rails user authorisation on different projects - ruby-on-rails

Currently I am working on a Rails app which has users and projects. Each user has a role of admin from the start, so they have full access to their projects. But a user1 can be assigned to other projects created by user2, which means user2 will select one user1 and give him the role of moderator on projectA.
I was thinking of creating a link table between user role and project. Is this the best approach?
Thank you.

No, I think you should model user groups and assign new users to the adminGroup. Then you create the moderatorsGroup and add user1 to the project as a member of this group. So you have a matrix: Username | Project1 groups | Project2 groups.
This way you can have several roles in multiple projects. Then you just have to keep the groups project-specific.
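The matrix described in the answer, as an added example in plain Ruby (not code from the original posts, and without Rails so it runs on its own). The role names come from the question; the permission lists, the `ProjectAccess` class and the rule that only a project's admin may hand out roles are assumptions.

```ruby
require "set"

# Assumed permission lists for the two roles named in the question.
PERMISSIONS = {
  admin:     Set[:read, :edit, :delete, :manage_members],
  moderator: Set[:read, :edit]
}.freeze

class NotAuthorized < StandardError; end

# One row of the link table: which role a user holds on which project.
Membership = Struct.new(:user, :project, :role)

class ProjectAccess
  def initialize
    @memberships = []
  end

  # The creator of a project starts as its admin.
  def create_project(owner, project)
    @memberships << Membership.new(owner, project, :admin)
    project
  end

  def role_of(user, project)
    @memberships.find { |m| m.user == user && m.project == project }&.role
  end

  # Default deny: no row for this project means no access, whatever
  # role the user holds on other projects.
  def can?(user, action, project)
    PERMISSIONS.fetch(role_of(user, project), Set[]).include?(action)
  end

  # Only someone who may manage members of *this* project can assign a role,
  # so a moderator cannot promote themselves.
  def grant(granter, user, project, role)
    raise ArgumentError, "unknown role #{role}" unless PERMISSIONS.key?(role)
    unless can?(granter, :manage_members, project)
      raise NotAuthorized, "#{granter} may not manage members of #{project}"
    end
    @memberships.reject! { |m| m.user == user && m.project == project }
    @memberships << Membership.new(user, project, role)
  end
end
```

In a Rails app the `Membership` struct would be the join model, with a unique index on user and project so each cell of the matrix holds one role.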

Related

I don't know how to create XDS in D365FO

I created a simple car rental in D365FO with 3 tables (Cars, Customers, Rentals) and I'm working on security. I give them privileges, duties and roles, and I want to add XDS to them. I don't know how to do it.
I didn't find how to do it; every solution gives me an error.

How to create a user role that has permission to create other users, like sub-users of the headquarters?

I am working on a system built in Ruby on Rails. We are using rails admin to display all data.
We will have 3 different types of clients: client1 (carshop), client2 (headquarters with many carshops, like a franchise) and client3 (subcontractors).
Client1 and client2 are basically the same type of client, but client2 has a headquarters and many carshops below it as a chain.
The headquarters should be able to view all data from all the carshops that belong to the headquarters and create user logins for each shop, but all shops are independent of one another (the shops that belong to the headquarters can't see each other's data, like order history).
Hope my question makes sense to you.
Thank you in advance.
Trying to create a user that has permission to create sub-users that belong to the user's admin panel, but can only see data that the user has given permission to.

Client specific project in jira

My question is how to create client specific projects in JIRA cloud, so that clients can't view company's internal project and are restricted to their own project view in JIRA?
You'll have to configure:
User Groups
Project Roles
Project Permissions
Typically your customer users are part of a customers group. Your internal users are part of other groups, e.g. internal.
Within a project you have different roles. You can assign groups to a role, i.e. customers can have the users role in the project that is relevant to them. Your internal people can for example be in the developers role of projects that are relevant to them.
In a project's permission scheme, you then configure which permissions correspond to each role. If you assign the browse permission to the users role, and the customers group has that role, then they will be able to view the issues in that project.
If you don't put the customers group in a role then they won't be able to see or do anything with the issues in that project.

When and how should one use project roles instead of groups within JIRA?

I am having a little difficulty understanding when a person should configure JIRA permissions using groups and when they should use project roles. I have read the online documentation, however, the difference between the two seems subtle.
A group seems simple enough. Group users into a named bucket. Assign the group to one or more permissions within a permission scheme to enable access to functionality for any users within the group. Assign the permission scheme to a project to apply the permissions to that project.
A project role seems very similar. It does all of the above except that you can also add groups to project roles. It seems that a project role also allows a project administrator to add their own users to a project instead of requiring a system administrator.
However, I am not sure how I can leverage this. Here is an example of what I want to achieve.
Have multiple projects created in JIRA.
All of our managers, developers, etc. have the same permissions across all projects.
Our clients have access only to their projects.
I think that the best way to accomplish this is to:
Create an employees group to which I add all of our employees.
Create one or more project roles to which I add the appropriate clients.
Assign permissions to the Default Permissions Scheme using the employees group.
Copy the Default Permission Scheme to a new project specific scheme, e.g., client-scheme
Assign the client-scheme to the client specific project.
However, it seems that I am not leveraging project role membership. How does this come into play?
What is the best practice for using JIRA groups and project roles? What is the difference between the two?
We are advising to work with roles as it has a couple of advantages
a. You can set up the complete configuration based on roles.
For instance you might have a workflow transition 'validated' which can only be executed by someone who is a tester.
You have the choice to add a transition condition 'user is in group tester' or 'user has the role tester'.
If you are working in an organisation where users have different roles in different projects, choosing the first transition condition (user is in group tester) will not work (or you would need a new workflow for each project).
The same applies for notifications.
You can configure a notification on the 'issue resolved' event, specifying that the 'users in group tester' get notified or 'users who have the role tester'.
When using roles, adding someone to a project is very simple - just check what role the person has in the project, add them in the project configuration (view members) and you are done. He will have the right permissions, get the right notifications ...
b. Configuration
When you use roles for configuration, you don't need system administration rights to add someone to a project. The project lead will be able to add the user. No need to bother the system admin.
Looking at your description, I would have
A project role 'employee'
A project role 'customer'
A group 'employees'
Configure the project role such that the group employees is a default member of the project role employee.
This way you can use the same permission scheme for all projects. When adding a new project, you just need to add the client specific userid to the client role.
When a new employee starts, you add him to the employees group.
The day that you have a specific, ultra secret project, where only a couple of employees need to have access, you can remove the group 'employees' from the role 'employee' and add the specific users to the role.
Hope this helps
Francis
Historically, JIRA had groups first. Then roles came along and are the recommended way to control authorization in most cases.
~Matt
Groups are global. Roles can be thought of as per-project (local) groups.
Roles are much better: else with a large number of projects you quickly end up with a proliferation of Groups and permission schemes (one per project).
You lose nothing by using role-based permission schemes, since you can add a Group to a role.
But you gain a lot of flexibility. E.g. you'd currently have the Employee role be filled with your Employees group for every project, but as your company and complexity grows, you can have different Employees per project, without having to change the permission schemes.
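How groups, project roles and one shared permission scheme combine, for both JIRA threads above, as an added example that is not from any of the answers and does not use JIRA's API. It is a small Ruby model; the user names, project keys and the two permissions `:browse` and `:edit` are constructed for illustration.

```ruby
require "set"

# Groups are global: one membership list for the whole instance.
GROUPS = { "employees" => Set["alice", "bob"] }.freeze

# One scheme shared by every project: permission => roles that hold it.
SCHEME = {
  browse: Set["employee", "customer"],
  edit:   Set["employee"]
}.freeze

class Project
  attr_reader :roles

  # A new project starts with the group employees as a default member of
  # the role employee and nobody in the role customer.
  def initialize
    @roles = {
      "employee" => { users: Set[], groups: Set["employees"] },
      "customer" => { users: Set[], groups: Set[] }
    }
  end

  def in_role?(user, role)
    members = @roles.fetch(role)
    members[:users].include?(user) ||
      members[:groups].any? { |g| GROUPS.fetch(g, Set[]).include?(user) }
  end

  # A user holds a permission only through a role filled in *this* project.
  def permitted?(user, permission)
    SCHEME.fetch(permission, Set[]).any? { |role| in_role?(user, role) }
  end
end

def build_projects
  client = Project.new
  client.roles["customer"][:users] << "carol"   # the client's own user
  secret = Project.new
  secret.roles["employee"][:groups].delete("employees")
  secret.roles["employee"][:users] << "alice"   # hand-picked employee only
  { "CLIENT" => client, "SECRET" => secret, "INTERNAL" => Project.new }
end
```

The scheme never changes between projects; only role membership does, which is why the restricted project needs no scheme of its own.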

Best approach to a customer portal in ASP.NET MVC

The problem: client needs a website to serve 10+ customers, each customer has 5-10 people they wish to grant access using login & user name, once "logged in" the user can download files specific to their company.
The files will be uploaded to a directory under the customer name, and displayed as a list. Currently using membership for all of the users; it's just the "by customer" segmentation I'm wondering about. The question being: under ASP.NET MVC, what is the cleanest or simplest approach to solving the customer segmentation? Trying to avoid customer membership provider, so was going to use the roles to assign customer group.
Thoughts appreciated.
In the past I tried to avoid the membership and role providers as well since I don't like the way they are implemented. So just use the old school way. Create two tables on your db: one stores the customers, the other the users.
Just build a simple relationship like: User n ----- 1 Customer
Now if a user logs in, first authenticate him/her against the User table, then authorize on the Customer table.
To provide the right downloads, just create an additional table File, which has an n:1 relationship to the Customer table (like the User table).
