Before users can view project data, they need to have certain permissions assigned to them. There are several ways to give users these permissions, the three most common being:

  1. Give users permissions directly
  2. Add users to permission groups
  3. Add users to project teams

Each of these cases are discussed in more detail below.

Permissions

There are several permissions that give users access to view project data. The most basic permission is the GRS project permission.  

PermissionDescriptionValues
projectGrants access to the data associated with a specific project. You can use a regular expression to grant access to related projects. For example, if grs:project:Core provides access to a project called "Core", you can use the regular expression grs:project:Core \d\.\d to provide access to Core 1.0, Core 1.1, and so on projects.<project name> / <regex pattern> 

In addition to the project permission, there are three more granular permissions associated with viewing project data and modifying metadata.

PermissionDescriptionValues
viewSourceCodeEnables the ability to view source code associated with the project.<project name> / <regex pattern>
prioritizeOwnerEnables the user to set the priority of violations assigned to the user.<project name> / <regex pattern>
prioritizeAllEnables the user to set the priority of violations associated with the project.<project name> / <regex pattern>

See GRS Permissions for information about other permissions.

Use Case 1: Give users permissions directly

In this use case, you give specific users specific permissions for specific projects.  

Example

Suppose you have two projects: Core and Database. You want to give user john access to view project data, view source code, and suppress violations for Core, but only view the project data for Database.

You would assign the following permissions to user john:

  • project - set value to Core
  • viewSourceCode - set value to Core
  • prioritizeAll - set value to Core
  • project - set value to Database

See Assigning Native Permissions for more information about assigning permissions to users.

Use Case 2: Add users to permission groups

In this use case, you give specific groups permissions for specific projects, then you add users to the groups. Users in the group will inherit its permissions.

Example

Suppose you have two projects: Core and Database. You want to give users john and bob full access to Core, and you want to give users adam, carol, and david full access to Database. Rather than set permissions five times for five individual users, you can set permissions for two groups (core_group and database_group) and add the users to those groups.

You would set the following permissions to group core_group:

  • project - set value to Core
  • viewSourceCode - set value to Core
  • prioritizeAll - set value to Core

You would set the following permissions to group database_group:

  • project - set value to Database
  • viewSourceCode - set value to Database
  • prioritizeAll - set value to Database

You would add the following users to group core_group:

  • john
  • bob

You would add the following users to group database_group:

  • adam
  • carol
  • david

See Creating and Managing Groups for more information about creating groups and Assigning Users to Permission Groups for more information about assigning users to permission groups.

Use Case 3: Add users to project teams

In this use case, you add a team to the project, which automatically adds permissions to the team. Then you can assign users to the team in certain roles.

Example

Suppose you have project Core. You want to give users john and bob access to Core as team members, and you want to give user adam access to Core as the team leader. You would create a new team in Core, which automatically creates two groups in User Administration with the following permissions:

  • group: Core Team
    • permissions:
      • project - set value to Core
      • viewSourceCode - set value to Core
      • prioritizeOwner - set value to Core
  • group: Core Team Leaders
    • permissions:
      • project - set value to Core
      • viewSourceCode - set value to Core
      • prioritizeAll - set value to Core

You would add john and bob to Core Team.

You would add adam to Core Team Leaders.

There are two differences between Core Team and Core Team Leaders. First, there's the obvious difference with the prioritizeOwner and prioritizeAll permissions. Second, and less obvious, is that users in Core Team Leaders group will have team leader privileges, including access to Report Center Settings and to certain APIs that require team leader privileges.

See Adding Teams to Projects for more information about project teams and team membership.

  • No labels