Issue Details (XML | Word | Printable)

Key: JRA-11854
Type: Improvement Improvement
Status: Open Open
Priority: Major Major
Assignee: Unassigned
Reporter: Rob Baily
Votes: 2
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
JIRA

Allow global permssions to use roles in additon to groups

Created: 31/Dec/06 04:24 AM   Updated: 22/Jan/07 12:23 PM
Component/s: Administration
Affects Version/s: 3.7
Fix Version/s: None

Time Tracking:
Not Specified

Issue Links:
Part
 

Participants: Nick Menere [Atlassian] and Rob Baily
Since last comment: 1 year, 40 weeks, 5 days ago
Labels:


 Description  « Hide
The project role permission schemes are nice but there are a couple items in the Global Permissions that are still hard to use. The Global Permissions can only be assigned to groups. For things like Browse Users and Create Shared Filter where the default permission is jira-developers not having the roles means that we still have to create global groups to assign those permissions and then it has to be centrally managed. Maybe these types of permissions could be pushed into the Project Permission schemes if using the roles does not make sense?

 All   Comments   Work Log   Change History      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Nick Menere [Atlassian] added a comment - 01/Jan/07 04:55 PM
Rob,

While I see your need for it, it doesn't really make sense to do this as Role memberships are defined on a project level. Global permissions do not have a project associated with them, and the same goes with pushing the permissions down to permission schemes - these permissions are not associated with a project.

You could perhaps have a permission like "Is user have this role in ANY project". Though as you can imagine, might not be too efficient...

Cheers,
Nick


[ Permlink | « Hide ]
Rob Baily added a comment - 01/Jan/07 10:11 PM
Do you have another suggestion for how these kinds of permissions could be worked into roles and then possibly pushed down for administration to other users within projects? I think the other idea could be workable regarding having a role in ANY project. That actually makes a fair bit of sense here for everything except JIRA Administrators and maybe JIRA Users although this last one seems like it could be in that as well.

[ Permlink | « Hide ]
Rob Baily added a comment - 01/Jan/07 10:15 PM
I'm not sure that it actually would be terribly inefficient if you kept something rolled up at a user level to indicate what the overall set of roles they have are. This would be updated whenever role membership changed within a project which should happen much less frequently then the need to check the permissions.

[ Permlink | « Hide ]
Rob Baily added a comment - 02/Jan/07 09:32 AM
Also I found out that managing filters only allows for these to be used in groups rather than in roles so now group management is still need for this. It kind of defeats the purpose for having role management in this case.

[ Permlink | « Hide ]
Nick Menere [Atlassian] added a comment - 02/Jan/07 06:31 PM
Rob,

Filters typically suffer from the same problem in that usually they are not directly associated with a project. Therefore it is hard to use roles with them. We are planning a rewrite of the filter system within JIRA soon so I think this kind of thing may be addressed soon though.

Cheers,
Nick
Powered by Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13-#330) - Bug/feature request - Atlassian news - Contact Administrators