We would like to update workflow, where Time Tracking module should only be visible to Assignee of the Issue.
We've tried assert, required but that only allows restriction on main field but Time tracking entries still gets generated.
In general you can't do that via workflow, because you can't limit visibility of anything from workflows.
FYI: there is a permission 'Update Work Item' which allows users to add work items. If a user doesn't have this permission, he can't add work items in the Time Tracking tab. There is a permission 'Read Work Item' which allows to view work items. In some cases you can configure your permissions so that only some users can view/edit work items.
Related
I have set up a form where when someone presses the "Submit" button it initiates a site workflow to create a list item. It all works well when I (full control permissions) do it, but if someone with contribute permissions tries, it fails. I tried adding an impersonation step, but that doesn't seem to be working either. Also, I am trying to record the person who created the list item, and the impersonation step uses my name (workflow author) for "Created By."
Any suggestions as to what I could've possible done wrong, or what I should try to do/add? Thanks in advance...
Simple answer is No.
As you can see the checkboxes in workflow property, you can set the trigger to be
trigger itself when item added or modified.
manually start by users.
For the read-only user, they are not able to click the "start a workflow" button. Also, these users do not have permission to add or modify list item.
You can configure your workflow with "impersonation step". In this way, the workflow will be running under the account of "workflow creator" instead of the user trigger the workflow. However, even you applied "impersonation step", the read-only user still not able to trigger a workflow
Is is possible to associate permissions for certain actions in MTM to predefined groups, so that the MTM UI will only allow the permitted actions to be active, hiding or disabling the unpermitted ones? For example if we have two groups, Testers and Business Analysts, only users from the Testers group can create a new test case. So if we take a look at the image below
the New button will only be available for Testers and will be disabled for other groups, like afore mentioned Business Analysts for example.
Is it possible?
We cannot exactly achieve that, but we can set permissions on the area path for the specific group in TFS to permit or restrict access to edit or modify work items, test cases, or test plans assigned to those areas. It will have the same restriction in MTM.
Please follow below steps to do that.
Go to Area tab, right click on the area your test plans belong to
and then click on "Security"
Grant rights for the specific groups to manage test plans. (eg , In
you case set Allow for Testers group and Deny for Business Analysts group). Of cause you can also set other permissions as needed, eg
Delete this node, Edit this node etc.
Thus, the users in Business Analysts goup can click the New button, but cannot save the work item, they will receive the error message ‘TF237111: The current user does not have permissions to save work items under the specified area path.’ when save the test case.
I am developing a POC (SahrePoint 2010) where I can demonstrate that the users can be granted certain permissions on a list for a Date range (for example contribute access for a selected week). I will be breaking permission inheritance and create unique permissions for a list.
I would like the permissions to be revoked automatically after the expiry date. Also, I would like to do this using the Manage Permissions list (_layouts/user.aspx) so that I don't have to maintain a separate list.
I have a couple of questions regarding this:
1. I assume that the custom permissions for any list must be stored n some list. How can get to know in which list the permissions are getting stored?
2. If at all I get to know in which list the permissions are getting stored, will I be able to add columns to that particular list?
I hope that the question is clear.
Permissions are not stored in any list. Rather, every securable object (including sites, lists, folders, and items) has a Role Assignments property that indicates what groups/users currently have access, and what their permissions are (if not inherited).
See the SPRoleAssignment class documentation for more information.
Note that the User Information list is not a "Manage Permissions" list; it stores profile information about users who access the site, but does not store any permission-related information. Further, it's not a typical list at all, in that it does not show up in the SPWeb.Lists collection for a subsite, and its fields are automatically populated by SharePoint's User Profile Service. While you could potentially add more columns to it, you'd be better off using a separate list to store and track your permission information instead of contaminating the site collection user info list.
To have permission changes take place based on an expiry date, you'll need to implement a time-based solution that runs on a regular basis to see if any changes need to be made, such as a custom timer job, a custom site workflow that runs on a schedule, or a Windows scheduled task.
I want that when a project is scanned and it's scan result is created only Admin and a specific user can see that project in dashboard and all other places and only he can access that project. Also I want to send email to that user when project was scanned.
I know I can assign role to user and set permissions for it by going to that project, but should I have follow all these steps for this? Can't I just select a user from UI so that only that selected user can view that project?
You must define project permissions for the scanned project with only that user and admin having the permission to "Browse" the project.
If you need to do that repeatedly you may use permission templates.
See http://docs.sonarqube.org/display/SONAR/Authorization#Authorization-ProjectPermissions.
In my case I wanted to Assgin one project to a whole group of users in SonarQube 6.7.3 so the steps where the following:
Administration->Projects->Managment->Actions(of the desired project)->edit Permissions
And then, I don't know why but the current users and groups registered are not shown instantly so what you need to do is to use the search tool and search for the group or user that you are looking for. They will appear below so you'll be able to tick the permissions that you want. Also you should select the private radio button so nobody but the users or groups you selected can access the project.
I'm using the AuthzPolicy-plugin to manage the permissions in a trac-env. Now I like to set a permission that disallow all users except for the admins to view tickets with a specific status.
I try a lot such as the following entry in the authzpolicy.conf:
[ticket:*/status:new]
#administrators = TICKET_VIEW
* =
Does the AuthzPolicy-plugin provides permission-setting for tickets with a specific status, owner or something else?
mutetella
Trac's permissions system is focused on the component level. You can turn on or off access to an entire component, but not to sub-content inside of that component.
That being said, you can create a plugin that emulates a more fine-grained permissions system. The plugin would need to implement IRequestFilter and inspect the URL of pages when they load. It would extract the ticket number from the URL, look up the ticket details in the database, and determine if the current user should view that page. If the user doesn't have permission, the plugin would re-direct the request to an error page. This is not too incredibly difficult to do (I've done it before to guard a specific wiki page), but it's hard to maintain because it's a separate permissions mechanism that's completely independent of Trac's permissions system.
TracFineGrainedPermissions can use any property represented in the resource path.
Revisions do, so you'll find an example explained as "John has BROWSER_VIEW and FILE_VIEW access to only revision 1 of 'somefile' at trunk/src/some/location only"
So the direct answer to your question is No, you can't do the same depending on ticket status, because all tickets look the same from the resource URL regardless of their status, sorry.
I agree, that you can resort to implementing a custom policy as already outlined by bta as a last resort.