New and Improved 3.13 Beta. Highlights: Shareable filters and dashboards and lots of other goodies. Any feedback can be raised as JIRA issues in the JIRA project.
Issue Details (XML | Word | Printable)

Key: JRA-11858
Type: Improvement Improvement
Status: Resolved Resolved
Resolution: Fixed
Priority: Major Major
Assignee: Unassigned
Reporter: Jeff Turner [Atlassian]
Votes: 0
Watchers: 2
Operations

If you were logged in you would be able to see more operations.
JIRA

Remove the predefined "Users" role

Created: 01/Jan/07 05:40 PM   Updated: 01/Apr/07 06:27 PM
Component/s: User Management
Affects Version/s: None
Fix Version/s: 3.8.1

Time Tracking:
Not Specified

Participants: Anton Mazkovoi [Atlassian], Dylan Etkin [Atlassian], Jeff Turner [Atlassian] and Tim Pettersen [Atlassian]
Since last comment: 1 year, 21 weeks, 3 days ago
Resolution Date: 01/Apr/07 06:27 PM
Labels:


 Description  « Hide
JIRA 3.7 comes with a roles "Developers" and "Users" predefined, with the implication that these roles take the place of the default 'jira-developers' and 'jira-users' groups.

In practice, it turns out that migrating jira-users to "Users" is a really bad idea. Whereas 'developers' is normally a per-project concept, jira-users means "people able to access JIRA", and is inherently a system-wide concept that shouldn't be made per-project. For instance, new users are automatically added to 'jira-users', but not to the 'Users' role for each project.

In general, any system-wide classification (jira-users, jira-administrators) should not be converted to roles, and we should not suggest doing so by having a "Users" role predefined.

 All   Comments   Work Log   Change History      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Anton Mazkovoi [Atlassian] added a comment - 03/Jan/07 12:46 AM
I do not think that this is a good idea. A lot of JIRA users do not use their JIRA instance in an open environment like jira.atlassian.com.

In a lot of installations each project has a group for its "Users", which are represented by a user-group, e.g. projectA-users and projectB-users. In those systems users do not automatically gain access to projects after creating their accounts. Hence I think the Users role is a good thing.

Do we actually suggest somewhere to convert the jira-users group to the Users role? If so, I agree that the suggestion is not a good one.

We can even go as far as adding a piece of code that will warn the user if they are mapping a group that has been granted the Global Use Permission to a role. The user can be warned that they are probably confused.

However, I still think the Users role is very useful.

Let me know if I am missing something.


[ Permlink | « Hide ]
Jeff Turner [Atlassian] added a comment - 03/Jan/07 08:33 PM
> Do we actually suggest somewhere to convert the jira-users group to the Users role? If so, I agree that the suggestion is not a good one.

So you're sitting there with the schema migration tool. You've just mapped jira-developers to "Developers". On the left, there's "jira-users"; on the right, "Users" in the drop-down.... that's a pretty big suggestion. I took the bait. Dylan almost did. I think our users will too.

Rather than just warn the user, perhaps we should not even offer to map groups that have a global permission (jira-users, jira-administrators). A global permission is a strong indication that the group is, well, global, and should not be made project-specific by conversion to roles.


[ Permlink | « Hide ]
Tim Pettersen [Atlassian] added a comment - 01/Apr/07 06:27 PM
We've added clear warnings on both the group-to-role mapping selection screen and the confirm/preview screen. It's still possible to map a group with the USE permission, but the user will now have a good concept of why it's usually a bad idea.


Powered by Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13_beta1-#328) - Bug/feature request - Atlassian news - Contact Administrators