284168 - 'Self-editable' parameter for Users and Groups

Status: NEW

(Bugzilla :: User Accounts, enhancement, P4)

Description

[Shane H. W. Travis]

What I want is the ability for a user to add himself to/remove himself from 
groups which are specially-marked with the ability to do so. 

My initial design for this would be as follows:
- Add a parameter to group definitions called 'Self Editable' (or something
   akin to that; I'm not married to the name).
- Add a group, a la TimeTrackingGroup, into the Parameters page, called the
   SelfEditableGroup. People who are members of this group can add themselves
   to or remove themselves from any group that is marked as Self Editable.
- Add a section to the userprefs.cgi?tab=permissions page which is only visible
   to people in the SelfEditableGroup. This would list all the SE Groups, and
   show a checkbox to indicate if the user is currently a member of that group
   or not. The user can add himself to or remove himself from these groups at
   will.

So why is this needed? Mostly, for convenience for the users. Locally, all 
employees have universal access to all projects in Bugzilla... whether they 
want it or not. For many employees, this is a mixed blessing; sure, they can 
access any bug from any project anywhere, but they don't really need to or want 
to; all they really care about is their own project, and maybe the precursors 
if there are relevant bug reports stored there. Despite this, every project in 
the company shows up on the query page; every project shows up when they go to 
file a new bug; every project (and all the related components) shows up in 
various drop-down lists in various places around Bugzilla. Most of the users 
just don't care.

This capability would act as CanBless, but for themselves only. It removes the 
potential for anyone to modify another user's permissions (unless they have 
full on CreateGroups access). Yes, an admin can do this for them, as can 
someone delegated to the job who has CreateGroups access, but that may not be 
desired or even allowed in some companies due to policy or security 
restrictions.

Comment 1

[Max Kanat-Alexander]

So basically, it would just be a restriction of CanBless: For Self Only.

Comment 2

[Joel Peshkin]

Just be careful with it.  Don't let them parlay that into seeing a list of users
or groups thye shouldn't see.

Comment 3

[Frédéric Buclin]

I'm not a fan of this request. An admin has to correctly configure group privs anyway, so he could directly do it right and avoid the problem described in comment 0. About queries, people should learn how to select the right product and do queries in this product only.

My vote to wontfix this request. Bugzilla should become easier to administrate, not harder!

Comment 4

[Joel Peshkin]

I tend to agree with comment 3, but I have seen some value in using userprefs to clean up the UI by permitting the user to hide functionality that is only clutter for them.

Comment 5

[Max Kanat-Alexander]

I agree with both--it would be nice to have, but I'm not sure the benefit outweighs the complexity.

Comment 6

[Frédéric Buclin]

OK, I'm changing my mind a bit. Now that we can share saved searches with groups, it would be fine if we had a list of groups you could freely subscribe to so that you can use saved searches shared with these groups. One example: we could create a "Bugzilla" group with which I would share my Bugzilla-specific searches, and users interested in Bugzilla could subscribe to this group to be able to use my saved searches. This would avoid having to share our queries with the editbugs group as Firefox developers won't care about my queries. In the same way, some users with no privs may be interested in my queries anyway, but we have no way to share queries with them (unless an admin creates a 'public' group with .* as regexp).

I would also like to be able to share my queries with the world (i.e. with users having no account), but that's another request. ;)