Closed Bug 405119 Opened 17 years ago Closed 17 years ago

Member of editcomponents can create products. Require an additional cancreateproducts group

Categories

(Bugzilla :: Administration, task)

3.0.1
x86
Linux
task
Not set
normal

Tracking

()

VERIFIED DUPLICATE of bug 189627

People

(Reporter: c.naslain, Unassigned)

References

()

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.5) Gecko/20070718 Fedora/2.0.0.5-1.fc7 Firefox/2.0.0.5 Build Identifier: 3.0.1 In version 3.0.1, members of editcomponents can create products, components, version, milestones and set Edit Group Access Controls. It would be great to have two levels of rights for product administration: - One to create the product itself and set Edit Group Access Controls - One that can manage the components, Target milestones and versions (in my cas, this is delegated to QA team who are not admins. The reason for this is that members who creates products often requires user and group admin as well. Version & milestones and sometime components are manages by non-admins; in my case delegated to QA Team as they manage releases. Suggestion: - Create a default system group named cancreateproducts - Modify this is delegated to QA team who are not admins. The reason for this is that members who creates products often requires user and group admin as well. Version & milestones and sometime components are manages by non-admins; in my case delegated to QA Team as they manage releases. Suggestion: - Create a default system group named cancreateproducts - Modify editproducts.cgi and ask for $user->in_group('cancreateproducts') for the following actions: * add * new * editgroupcontrols * updategroupcontrols All other actions can be assigned to editcomponents members. Reproducible: Always
Version: unspecified → 3.0.1
This feature is already available in Bugzilla 3.0, read the documentation.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
From the Bugzilla documentation (http://www.bugzilla.org/releases/3.0/new-features.html#v30_feat_ppp): "Per-Product Permissions: You can now grant users editbugs and canconfirm for only certain products. You can also grant users editcomponents on a product, which means they will be able to edit that product including adding/removing components and other product-specific controls." OK. This is controlled into the product settings. So if I check the "editcomponents" option for my product, I grant anyone in the product group the editcomponents right for this product. My Bugzilla configuration: - One group per product (ie makeproductgroups config enabled) - Each product "Group Access Controls" is set to: * Entry: checked * MemberControl: Mandatory * OtherControl: Mandatory * Canedit: Checked We manage a large amount of products/groups for different populations. To post/edit, a user must be member of the group that controls the product. This means that all users of a product are member of the product group. We also have some users that are member of the editcomponents system group; to add versions, milstones and components (but also by extension have access to 'Add new product' and 'Group Access Controls' which is not a privilege that we wish them to get). If I check the new "editcomponents" option from the product "Group Access Controls", I will grant all members of the group (ie all users of the product) the right to add version, milestones, components etc. This is definitely NOT what we want to do. More, this right also give all members the access to 'Group Access Controls' wich is not a functionnality that a granted user should have.
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Just add another group, then. If you have a support question about this (meaning you want to know why we said Bugzilla 3.0 already does this, or how to do what you need with your installation), please ask it using one of the resources listed at http://www.bugzilla.org/support/
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago17 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.