How to create custom view showing all User Stories that I have a task on - rally

I am a DBA and I work across all of our dev teams. I often will get a task on someone else's user story. I will not be a member of the team that the user story belongs to. I need a way to see all of the user stories that I have a task on so that I can easily track the status, etc. of the overall user story.
We are using Rally/Agile-Central.

The best way is to use the Custom List app and go to a location in the project hierarchy above anywhere you might have a story or task assigned to you. If you then ask it to filter on owner equals you, then it will give you the stories you own, but also the stories owned by someone else that you have a task assigned to you.
It does the equivalent of this query for you automatically:
((Owner = daniel#acme.com) or (Tasks.Owner = daniel#acme.com))

Related

VSTS Restrict access to sensitive work items

Foreword: I've searched around on this question a fair bit and found answers which are close to a solution, but not what I'm looking for. So here I am, and I hope someone can help me. I'm relatively new to VSTS, so be gentle (or at least constructive) ;P
The Question: I'm looking for a way to restrict access to specific tickets (NOT by ticket type) that contain NDA protected data, whilst keeping them in the same backlog and iterations as the rest of the tickets related to a project.
We have many different NDA protected customers, so whilst creating a new ticket type per NDA, and restricting access to this, could work, it's not the solution I'm looking for.
Alternatively, I'm barking up the wrong tree, and there is an entirely different and "better way" to support this use-case?
Edit 1 - More info: Let's say I have 1 backlog for a product. It contains only 2 work items. It's important there is only 1 backlog for planning and overview by a product owner.
One of the two work items contains sensitive information only half the development team should have visibility to. How do I keep both tickets in the same backlog and iterations, but hide the sensitive one from some team members?
Thanks in advance for your time!
Regarding permissions on work items in a team project, you can set the permission at area and iteration scope, but not for specific work items.
So, you need to put these work items in a different area and manage permission for this area. Simple steps:
1. Go to the team project admin page
2. Work => Areas
3. Click New/New child to create a new area.
4. Click … => Security, set the permission for the group(s) or user(s)
5. Click the default team’s settings => Areas
6. Click + Select areas to add that area in order to show related work items (in that area)

Advice for handling permissions in SAP

I've created a solution where I created an authorization object which controls what a user can handle or watch in the program. This authorization object is defined with 3 elements:
Process
Activity
Material group
Through transaction 'PFCG' the BC creates the profiles according to the requests that users make to have permission to some module of the program. For example, a user or a group of users will have access to process 'A1' (Data update), activity '01' (Approval) and material group 'A0A00001'. This means that these users could only approve for process 'A1' the data for material group 'A0A00001'.
My problem here is that managers of the areas have told me that they feel uncomfortable making requests to the BC for permissions because they think that they should manage those profiles, and if they want to change those permissions they would like to have the control of them directly instead of making requests.
This is a situation where I don't know what to do, I have thought that I would make Z tables and a Z program to emulate those permissions exactly as they are handled now with transaction 'PFCG' but I feel like I'm reinventing the wheel.
Another thing that I have thought of is to create a Z program that would be a layer of transaction 'PFCG' to automate the profiles for these authorization objects, but in this case I don't know where to start because I would have to investigate whether there is a BAPI for creating profiles and how to manage all the issues related to this management.
The other thing is leave it like that and do nothing, but sincerely I don't know what to do.
Do you have any suggestion on this issue? What can be done in this situation?

Query to get the list of all user stories I once worked on in Rally

I am a developer. I have come across a scenario where I need to get the list of all user stories on which I had worked once but whose owner is now someone else, like QA. Now those user stories have the QA person as owner, so I cannot write a query as [Owner = 'MyName'].
Any idea?
Have you investigated the Lookback API (https://rally1.rallydev.com/analytics/doc/#/manual)? You can query the history of most Rally artifacts to look for ones of which you were once the Owner.
I haven't used Rally but, just thinking : since it was a story you worked on, there's a high chance you have added some comments on it, or possibly even created it yourself.
Is there a way to use this in your query?
For eg - [CommentBy = Adarsh Kumar], or [CreatedBy = Adarsh Kumar]
I use Rational Team Concert, and this may be a problem there too. If one modifies the design where you have a Dev owner, and a FVT owner, and give the ability to query on these two separate fields, it would be easier to track efforts at the end of the year eh? ;-)

Get users of project

How do I get users (not team members) of a given project using Ruby Rally Toolkit? I am trying to run a query to change the roles of all the users in a given project to "Editor", for that I need to get the list of all users of a project.
Unfortunately there's no easy way to get the list of all Users with ProjectPermissions in a Project. This endpoint:
https://rally1.rallydev.com/slm/webservice/v2.0/Project/12345678910/Editors
Will obtain a list of all Editors in a Project. However that doesn't help very much if you want to promote any Viewers in a Project to Editors - and there's no such collection as:
https://rally1.rallydev.com/slm/webservice/v2.0/Project/12345678910/Viewers
or
https://rally1.rallydev.com/slm/webservice/v2.0/Project/12345678910/Users
Although it would make sense and be kind of nice if there were.
Unfortunately your only recourse is to query through all Users and their UserPermissions in your Ruby code, examine their ProjectPermissions, and operate on anyone having ProjectPermission.Role = Viewer for the Project of interest. Sorry there's not a better way, at least that I know of.
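A dry-run version of the loop this answer describes, as an added example that is not from the original answer or from the Rally toolkit. It assumes user records have already been fetched with their UserPermissions expanded into the hash shape shown; every user name and the second project OID are constructed, and only existing Viewers of the one project are queued for a role change.

```ruby
# Added example. The record shape is an assumption modelled on the answer's
# description (User -> UserPermissions -> ProjectPermission.Role); all users
# and the second project OID are constructed sample data.
PROJECT_REF = "/project/12345678910" # OID as used in the URLs above

def perm(type, role, project_ref = nil)
  { "_type" => type, "Role" => role, "Project" => project_ref && { "_ref" => project_ref } }
end

SAMPLE_USERS = [
  { "UserName" => "alice@example.com",
    "UserPermissions" => [perm("ProjectPermission", "Viewer", "/project/12345678910")] },
  { "UserName" => "bob@example.com",
    "UserPermissions" => [perm("ProjectPermission", "Editor", "/project/12345678910")] },
  { "UserName" => "carol@example.com",
    "UserPermissions" => [perm("WorkspacePermission", "User"),
                          perm("ProjectPermission", "Viewer", "/project/222")] },
  { "UserName" => "dave@example.com",
    "UserPermissions" => [perm("ProjectPermission", "Viewer",
                               "https://rally1.rallydev.com/slm/webservice/v2.0/project/12345678910")] },
  { "UserName" => "erin@example.com", "UserPermissions" => nil }
].freeze

# Extract the numeric OID so relative and absolute refs compare equal.
def project_oid(ref)
  ref.to_s[%r{/project/(\d+)}i, 1]
end

# Role the user holds on exactly this project, or nil if none.
def project_role(user, project_ref)
  wanted = project_oid(project_ref)
  match = Array(user["UserPermissions"]).find do |p|
    p["_type"] == "ProjectPermission" && project_oid(p.dig("Project", "_ref")) == wanted
  end
  match && match["Role"]
end

# Dry run: users with no permission on the project are never granted one.
def promotion_plan(users, project_ref)
  plan = { promote: [], unchanged: [], no_access: [] }
  users.each do |user|
    role = project_role(user, project_ref)
    bucket = role.nil? ? :no_access : (role == "Viewer" ? :promote : :unchanged)
    plan[bucket] << user["UserName"]
  end
  plan
end
```

Reviewing the `promote` list before writing any change keeps the bulk update from touching Editors, other projects, or users who were never given access.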

What exactly are "tasks" in Yii's RBAC?

I'm diving into RBAC while designing new and rather big/complex site.
I'm trying to figure out whether to create a task or simply an operation with biz rule.
Now, I've read most if not all existing documentation. The current documentation says that "a task consists of operations". This wiki article says that the different terms are simply naming conventions and the only limitation that exists is structural one - roles must include tasks (or other roles); tasks should include operations (or other tasks) and operations is the atomic term that is not further composed by other entities.
I've also read the relevant sections in the "Agile web dev..." and "Yii cookbook" books - both do not shed further light on this issue (at least as seen through my glasses).
Let's go to my example where I'll present the question. Actually, let's use an example similar to that demonstrated in most of the documentation resources mentioned above: Let's say I have a blog post and I want/need to have its author be able to "update own post". Now, why should this be a task as commonly demonstrated in the documentation resources and not an operation with a biz rule?
I think that the question above reveals the unclear definition of a "task" (in the RBAC context of course).
Please help me distill a better definition for an RBAC task.
EDIT:
I was suggested the following definitions of the mentioned terms that help conceptualize them in a useful way. In short and in its simplest form: operations are the basic building blocks. They are the material developers work with and only them. Developers compose tasks of and on top of operations. Roles are composed of tasks, like a set of tasks. Roles and tasks are what the site administrators should play with - assign and revoke to users but not operations.
That's a nice way to look and grasp those entities (roles, tasks and operations).
Do you have another option to conceptualize differently? Any comments will be appreciated.
TIA!
Boaz.
I'd say the same as you did in your question edit. A task is simply a composition of operations a user can do that have something in common. So you have, for example, operations oList, oView, oCreate and oUpdate; these are the operations a developer assigns to controller actions for access control, where the first two are only read- and the second two have write access to data (that's what they have in common). So you now want to combine those into tasks tInspect and tManage, which both hold 2 operations: the first one can list and view and the second one can create and update. Optionally you could make tInspect a sub-task of tManage so a user that has tManage can list, view, update and create, but normally you just give his role both tasks.
Regarding the classification of role -> task -> operation, they are essentially the same thing, as you can see in the code they are of class CAuthItem. We name them differently mainly from user point of view.
Operations are only used by developers and they represent the finest level of permission.
Tasks are built on top of operations by developers. They represent the basic building units to be used by RBAC administrators.
Roles are built on top of tasks by administrators and may be assigned to users or user groups.
The above is a recommendation, not requirement. In general, administrators can only see tasks and roles, while developers only care about operations and tasks.
Check this out : http://www.yiiframework.com/forum/index.php/topic/2313-rbac-confusion/page_p_16035#entry16035
If there are two users:
1) admin
2) user
so we set role updatePost for the update page,
and admin is the parent of updatePost, so admin can update.
user has the updateOwnPost permission. updateOwnPost is the parent of updatePost, with a bizrule, so if the bizrule is satisfied he can update.
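
The upward check through operation, task and role that these answers describe, as an added Ruby model that is not Yii code and not from any of the posters. It assumes the "user" role is the parent of updateOwnPost and that the bizrule compares a post_author parameter with the user id; Yii's per-assignment rules and default roles are left out.

```ruby
# Simplified model of the upward check described in the answers; not Yii code.
# Item names come from the thread; user ids 1 and 2 are constructed.
Item = Struct.new(:name, :type, :rule) # one class for roles, tasks and operations

class AuthModel
  def initialize
    @items = {}
    @parents = Hash.new { |h, k| h[k] = [] }   # child name -> parent names
    @assigned = Hash.new { |h, k| h[k] = [] }  # user id    -> item names
  end

  def add(name, type, &rule); @items[name] = Item.new(name, type, rule); end
  def assign(user_id, name); @assigned[user_id] << name; end

  def add_child(parent, child)
    raise ArgumentError, "unknown item" unless @items[parent] && @items[child]
    raise ArgumentError, "loop via #{child}" if reaches?(parent, child)
    @parents[child] << parent
  end

  # Start at the requested item and climb; a failing rule closes that path.
  def allowed?(user_id, name, params = {})
    item = @items[name]
    return false if item.nil?
    return false if item.rule && !item.rule.call(user_id, params)
    return true if @assigned[user_id].include?(name)
    @parents[name].any? { |parent| allowed?(user_id, parent, params) }
  end

  private
  def reaches?(from, target)
    from == target || @parents[from].any? { |up| reaches?(up, target) }
  end
end

def build_blog_rbac
  auth = AuthModel.new
  auth.add("updatePost", :operation)
  auth.add("updateOwnPost", :task) { |uid, params| params[:post_author] == uid }
  %w[admin user].each { |role| auth.add(role, :role) }
  [%w[updateOwnPost updatePost], %w[admin updatePost], %w[user updateOwnPost]]
    .each { |parent, child| auth.add_child(parent, child) }
  auth.assign(1, "admin")
  auth.assign(2, "user")
  auth
end
```

The controller only ever asks for the operation (updatePost); a missing post_author parameter fails the rule, so the check denies by default.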